General

  • Target

    516261b7c2646ce71cb0c0f4b68c7750785d7cc09f5ccb0d31e5b7fc6d2b69ef

  • Size

    367KB

  • Sample

    240508-htr87sgc7z

  • MD5

    2c733b8cbc1c9175383cd2fa3a3c9f43

  • SHA1

    410dc497286ce12e82df27ec84d941c0d60df22a

  • SHA256

    516261b7c2646ce71cb0c0f4b68c7750785d7cc09f5ccb0d31e5b7fc6d2b69ef

  • SHA512

    33e56a5b6f03f4f9e323eb220c4c33bfee82dd05e76c0a88b1c92b8ffdd6cfc4713badb0588317e22cf4ad44178e891f0363a7faef667fd6d24ad63153d70560

  • SSDEEP

    6144:Jfvea1snS42x5pK0JcR4DypPotYhIiMuiEIMmH8d/zKXT8g/:Bvea1snS425K0JcRhuNiMEO8pe8g/

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks