Extracted

• • Target

    c2a79d5678242500ef4e282ad70b99c4342c2d6388c7bf6e630c6b9d7097014a

  • Size

    364KB

  • MD5

    004e1c0583cba9848b8bebb2eef5b58f

  • SHA1

    2c32e158fb6f02dca3017076edf423e35e977721

  • SHA256

    c2a79d5678242500ef4e282ad70b99c4342c2d6388c7bf6e630c6b9d7097014a

  • SHA512

    4bb241eb8b464f6b0ecbfeffeeeaf65f7f5530f9bd78eee2c155046fbdbaebe512363a2f0a59e6dc0620946db153226cb740a09b911a965c0ccbd21e1166e7a3

  • SSDEEP

    6144:aEToWW+sKejNKsTbTpfSl2JyRVc6TI2DNJeTNPcOlE/r1EHSRKYTpWP:awot+LKwy/pfSl2Jy7fTPNopJya6tpWP

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2