Extracted

• • Target

    ba5d207ad1a4aa1fe66ed89899ae07bc40529e4556294b64d82e26fd0b3ba3fd

  • Size

    365KB

  • MD5

    3c37d46194d7ee0fb3842cf6d3ccb586

  • SHA1

    e4d4c01df345bb82313b6c4faac8184f71d76590

  • SHA256

    ba5d207ad1a4aa1fe66ed89899ae07bc40529e4556294b64d82e26fd0b3ba3fd

  • SHA512

    256e73923a69c7bb3e78d5591ada571e8d2c21700f862f239a85ab76cae42541e3f1832e0f855c58839b0a089f7d78865da7e89ca6b968737d087e3e16d2e41b

  • SSDEEP

    6144:PaX7EMN6qa0aDkM2fzyL8uD1OQma0Ow9bcip87002dK/:PM5NKPkM2fzg1OiFt7FyK/

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2