General

  • Target

    d9c1e5df5baf1833a72a9591ab685d65c9e985563d791e27d5c4e4afeb672697

  • Size

    364KB

  • Sample

    240508-ywptvsdb5v

  • MD5

    164928a82210574dbb33128a7416e69a

  • SHA1

    5483ed912d256abad4c51dfac3c6bd5417e5102d

  • SHA256

    d9c1e5df5baf1833a72a9591ab685d65c9e985563d791e27d5c4e4afeb672697

  • SHA512

    0900ddb9cc6e8d2f2c5a9c2432c053c8120668314e0c9a15808718c27cee987fd83b647c280995a6bebbe7c79d7e2d9f1ae72e15be4f09f723fc7aa9dc777b41

  • SSDEEP

    6144:9HjGRWK3W3yK7lKM6FBEwOaIbJp4U/BKfL/z22v2qDx6Anq4Ndy3YTDXgI:9DGEK3WiK7UMCbm6bfVDxrntTDXgI

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks