General

  • Target

    3b68626673241b76545dd5acc4ed482c6c612245a2c42eadffd6377837377817

  • Size

    365KB

  • Sample

    240509-fhf1paee48

  • MD5

    57aafcc21a68ae2965f35962bd28c98c

  • SHA1

    6f5f108de8bd8dcbf364329133357937d047c852

  • SHA256

    3b68626673241b76545dd5acc4ed482c6c612245a2c42eadffd6377837377817

  • SHA512

    9e63685e94212a3170c22ad25b37248c1f28ab71b29dbb4b35d99c00a725cbc781ee7446a7cf16374390dbf0116f3ef22e96ad483f0b4c1f8978be8d21360774

  • SSDEEP

    6144:PaX7EMN6qa0aDkM2fzyL8uD1OQma0Ow9bcip87002dK4:PM5NKPkM2fzg1OiFt7FyK4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks