Extracted

• • Target

    ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2

  • Size

    364KB

  • MD5

    6adfa7bcac8caec6d3022645fe7a33a5

  • SHA1

    e04fb84ac0ad062e04a2b5478b0cc44225744aef

  • SHA256

    ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2

  • SHA512

    b1c61fc4421491f3986858f9f97bee0ac0346f3c283df47f9d32532f120c26aee87051525bdc97383ebe10de3d4bf7b960e11f28d44cdd7230386aacad1fd33c

  • SSDEEP

    6144:aEToWW+sKejNKsTbTpfSl2JyRVc6TI2DNJeTNPcOlE/r1EHSRKYTpWF:awot+LKwy/pfSl2Jy7fTPNopJya6tpWF

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2