Extracted

• • Target

    0dfab9cf308564d17fb6d73de8ea621a864df964904512d5ef42627183ca971b

  • Size

    368KB

  • MD5

    ad3c2aa12b1994f565aea4f482ea5f03

  • SHA1

    70a7617a67932beb5fd6505a0694084a41d10d50

  • SHA256

    0dfab9cf308564d17fb6d73de8ea621a864df964904512d5ef42627183ca971b

  • SHA512

    cff8001221f2cd3782fb0461b24e6fc95001300ba2e1117d38245241ab90527ad73ad95bc0525eaadf9fec60ffd6ca731817188bc2e0b12a131d13c042855423

  • SSDEEP

    6144:FelyjzIpb2xE5BNqj+DYvjZask87WlizIwYYozY/TZ4tjP:YlyjzIpbyE6yDYFask87Oi9Z4tjP

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2