General

  • Target

    b9a869ecf83b81a65bd9d7f8725aed8c379776a785107d1175b584c147f6da94

  • Size

    368KB

  • Sample

    240508-lsajjsed9w

  • MD5

    729c215494b09e1e57e4d14f76f58bc0

  • SHA1

    6ee527cf570f6074cc7fff99f2bb7e145142765e

  • SHA256

    b9a869ecf83b81a65bd9d7f8725aed8c379776a785107d1175b584c147f6da94

  • SHA512

    f7056d20cc6197c7ae05e44f6c85fc8ce040dbb3e0d4c83053350e7fcbcca20107e8868a556ecbf903d2a4ecc28fe37bc4d96e81b700540e016d54bb618fcb04

  • SSDEEP

    6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj6:DLsRxoscIeUMVCNX2Vw2lTpj6

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      b9a869ecf83b81a65bd9d7f8725aed8c379776a785107d1175b584c147f6da94

    • Size

      368KB

    • MD5

      729c215494b09e1e57e4d14f76f58bc0

    • SHA1

      6ee527cf570f6074cc7fff99f2bb7e145142765e

    • SHA256

      b9a869ecf83b81a65bd9d7f8725aed8c379776a785107d1175b584c147f6da94

    • SHA512

      f7056d20cc6197c7ae05e44f6c85fc8ce040dbb3e0d4c83053350e7fcbcca20107e8868a556ecbf903d2a4ecc28fe37bc4d96e81b700540e016d54bb618fcb04

    • SSDEEP

      6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj6:DLsRxoscIeUMVCNX2Vw2lTpj6

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks