General

  • Target

    ae387417a28a25e053ffb742f180ac46591e1f3c49695b1c7a20c94326d6d572

  • Size

    365KB

  • Sample

    240508-tbclksee49

  • MD5

    89d7ab888e1a93548a64fee01f3cb2b4

  • SHA1

    e1997985e4ae10e16f888ec24bfba7e9fa4a0894

  • SHA256

    ae387417a28a25e053ffb742f180ac46591e1f3c49695b1c7a20c94326d6d572

  • SHA512

    6bdbbd446d87dd6bcebe0c1e294ff9b83a6460d7f6e771e0a84f6e776edf7094b67dc68a4e1f264196570a2c41ed223c4a557fa80fd09fa37b15f15b0d775482

  • SSDEEP

    6144:0j9PNW6k+7KXF5gUZwnAFpPLr2PXEVT1NjGzG4YqJcbbYTOO4:0j9PA6d7K4UZwQ2Xw1mt+b8OO4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      ae387417a28a25e053ffb742f180ac46591e1f3c49695b1c7a20c94326d6d572

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks