General

  • Target

    238d362c1c148a44a7cbce388b09ed8bf5d0848a75f8d9eb2eba523b3a4dca71

  • Size

    365KB

  • Sample

    240509-fgljsabf81

  • MD5

    9bb128c32553ef7ceaf2b15c8c6a8874

  • SHA1

    84d1d66f49d2827d689078078b68d7664a88134c

  • SHA256

    238d362c1c148a44a7cbce388b09ed8bf5d0848a75f8d9eb2eba523b3a4dca71

  • SHA512

    961fb9db495c2e46ecad99b93e5b7e04ba9929121f4ee46f721204618eaa1aa7acbd1d897e873faf8639b983c23c5380abe3737bc0f312d16ab5d65a0068a5a7

  • SSDEEP

    6144:PaX7EMN6qa0aDkM2fzyL8uD1OQma0Ow9bcip87002dK1:PM5NKPkM2fzg1OiFt7FyK1

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://185.172.128.150

  • Attributes

    url_path: /c698e1bc8a2f5e6d.php

Targets

    • Target

      238d362c1c148a44a7cbce388b09ed8bf5d0848a75f8d9eb2eba523b3a4dca71

    • Size

      365KB

    • MD5

      9bb128c32553ef7ceaf2b15c8c6a8874

    • SHA1

      84d1d66f49d2827d689078078b68d7664a88134c

    • SHA256

      238d362c1c148a44a7cbce388b09ed8bf5d0848a75f8d9eb2eba523b3a4dca71

    • SHA512

      961fb9db495c2e46ecad99b93e5b7e04ba9929121f4ee46f721204618eaa1aa7acbd1d897e873faf8639b983c23c5380abe3737bc0f312d16ab5d65a0068a5a7

    • SSDEEP

      6144:PaX7EMN6qa0aDkM2fzyL8uD1OQma0Ow9bcip87002dK1:PM5NKPkM2fzg1OiFt7FyK1

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks