Extracted

• • Target

    b883b97b17450a10f95eba96de2c9921b2527d5ff6948a61a6147c94bd023fe6

  • Size

    364KB

  • MD5

    17ae1a58d1a582890ef6f3eb8c2936fe

  • SHA1

    cddf7c81e45fdec83cb81dca6faff0bdc5cb5661

  • SHA256

    b883b97b17450a10f95eba96de2c9921b2527d5ff6948a61a6147c94bd023fe6

  • SHA512

    6e7da090a92470421a623303b66a2d5b2577ecb755e7cf8283511b04d79dde9af1375df245cb4da69f94b2a971f839d734e21b6b07e962dfadd50af8ac4db41d

  • SSDEEP

    6144:aEToWW+sKejNKsTbTpfSl2JyRVc6TI2DNJeTNPcOlE/r1EHSRKYTpWI:awot+LKwy/pfSl2Jy7fTPNopJya6tpWI

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2