Extracted

• • Target

    3253f3a1d89d7a6045be304e5fb4399349d6cc4cf5cea222609102fc5286d1b2

  • Size

    368KB

  • MD5

    2665e1f4bf687584b428e6563a59a852

  • SHA1

    6f665dea0cb0032f821341eeda2a8523dafc90cf

  • SHA256

    3253f3a1d89d7a6045be304e5fb4399349d6cc4cf5cea222609102fc5286d1b2

  • SHA512

    a43950b8e00e482597d4bcf90041d94530868967994121386b3dfc8f4c83badafab0de0c5f3aa9971432e4bd8fea3c3beba53c9eabc39a204929842b09523a40

  • SSDEEP

    6144:/jRhVhZVNlrECRfaajfnwdgcXlzbrp5nkaALQf4jTfec:lrLNrEWCazK3XFh5vALQUfec

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2