General

  • Target

    2d1a299604130224ca5abb410a6948e7035cd5c799956d9c2b15bf1ecc4b2f2d

  • Size

    384KB

  • Sample

    240509-3tchzahd55

  • MD5

    bd805e73c60a0016de4e3aca08e3c4ef

  • SHA1

    bde0d0c477049d005babc0fec8e5be9e08c69b28

  • SHA256

    2d1a299604130224ca5abb410a6948e7035cd5c799956d9c2b15bf1ecc4b2f2d

  • SHA512

    f7044eea25d4a8b603b763e97326c0226a33f766e4887c82ca44cf86f30176acf8dab018f39fd850e06b398fd0e874f042e6dbf462ce390308e3f1bac400688a

  • SSDEEP

    12288:lvNMaEOh22VwmtX3FLa16B3FuOx6LiBwwP:lVrs25X3V66BoOxvVP

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks