Extracted

• • Target

    34060ac4115abb0a2facb1763fef3c3d14f81e120edbc38f7860b43ea2633abf

  • Size

    368KB

  • MD5

    8e80240c5046a831a82b33a5110a75a4

  • SHA1

    28b5c1105309c371b0e75c1493370836efc8461e

  • SHA256

    34060ac4115abb0a2facb1763fef3c3d14f81e120edbc38f7860b43ea2633abf

  • SHA512

    2ff3a8f2efa0b37d579882970bf860bbf377d04b4eff3b1a95645c85e42caae57c945a772b113f055fc058a227ec1f23491ae388494ea9b953d4335907d1c047

  • SSDEEP

    6144:/jRhVhZVNlrECRfaajfnwdgcXlzbrp5nkaALQf4jTfeY:lrLNrEWCazK3XFh5vALQUfeY

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2