Extracted

• • Target

    2125d67c6ad89d83c34a203f62b5c63025bb710519b6c7b3c7a22c0550726175

  • Size

    368KB

  • MD5

    c928d71190d16ffcc234ee1061934501

  • SHA1

    40ea2a949190aac9ad3e17d5cccb6d51014bf065

  • SHA256

    2125d67c6ad89d83c34a203f62b5c63025bb710519b6c7b3c7a22c0550726175

  • SHA512

    9d60d54298e5e3d2e8d5eea26178fbbbca09acfc621556f48f63c34f19eaf4aec8c8b9da8c211dcd1e2df167a14914fe00e92dec2128f9774475694d7f14b966

  • SSDEEP

    6144:FelyjzIpb2xE5BNqj+DYvjZask87WlizIwYYozY/TZ4tjK:YlyjzIpbyE6yDYFask87Oi9Z4tjK

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2