General

  • Target

    bf8483792084de63b9f5e74934aeed7e8aa9de61a1fa89ab518d54367eb70449

  • Size

    366KB

  • Sample

    240509-jltyhagb41

  • MD5

    2b4399f121325c7b243c020345a16d29

  • SHA1

    48dac77997bde48fb8111b9aeeec5a0b9fbde88b

  • SHA256

    bf8483792084de63b9f5e74934aeed7e8aa9de61a1fa89ab518d54367eb70449

  • SHA512

    a7ac35241f783d376a7077df4266fe7e56476e064a5b0009a42e095d12e256535944da81c4d951d263069b884f44a7b4fe0b2a8ed76ac73396054a910db4e3ea

  • SSDEEP

    6144:OumbY5CsTONMI5+dcIIMprOeXcoEo7f6Z/:OFEQhmI5mtDdOe1EoOZ/

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks