General

  • Target

    ac092f1c79ef9ffdec5047e26b92ecf7ad8aa6847b8975adec383e5189bdb5c1

  • Size

    366KB

  • Sample

    240509-jmp1yaba28

  • MD5

    472dcfd713e1f0484c045d94579118dd

  • SHA1

    01dda1006a6065d5d7de533e980dc62cf9c7cf35

  • SHA256

    ac092f1c79ef9ffdec5047e26b92ecf7ad8aa6847b8975adec383e5189bdb5c1

  • SHA512

    c63a12382f285a5935c7252d2b2587043b0663242e0685f3d847c0852f89d513bd407e1186859a212e71a436f2b397c4b0d87a361d9e7c9a7a8a5e83f83131f8

  • SSDEEP

    6144:OumbY5CsTONMI5+dcIIMprOeXcoEo7f6Z4:OFEQhmI5mtDdOe1EoOZ4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
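As an added example (not part of the sandbox report and not the malware's own code), the script below turns the extracted Stealc config above and the two registry-lookup signatures into checks an analyst can run over their own telemetry. The proxy log lines and Sysmon-style registry events are constructed for the example; the registry key paths behind "Checks computer location settings" and "Checks installed software on the system" are assumed, since the report names the behaviour but not the keys it read.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the report above (family, C2 and the url_path attribute).
STEALC_CONFIG = {
    "family": "stealc",
    "c2": "http://185.172.128.150",
    "url_path": "/c698e1bc8a2f5e6d.php",
}

# Registry keys behind the two behaviour signatures. ASSUMPTION: the report
# names the behaviour, not the key paths; these are the usual locations.
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def c2_gate_url(config: dict) -> str:
    """Full C2 gate URL: the base C2 joined with the url_path attribute."""
    return config["c2"].rstrip("/") + config["url_path"]


# Constructed proxy log in a simple "ts client method url status" layout.
PROXY_LOG = """\
2024-05-09T10:14:02Z 10.0.0.21 GET http://example.com/ 200
2024-05-09T10:14:09Z 10.0.0.21 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-05-09T10:14:11Z 10.0.0.21 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-05-09T10:15:40Z 10.0.0.37 GET http://185.172.128.150/ 404
2024-05-09T10:16:03Z 10.0.0.44 POST http://203.0.113.9/c698e1bc8a2f5e6d.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def network_hits(config: dict, log_text: str) -> list:
    """One record per log line that touches the C2 host or the gate path.

    `reason` records which indicator fired ("c2_host", "gate_path" or both),
    so a host-only hit (shared hosting, IP churn) can be weighed separately
    from a hit on the per-build gate path.
    """
    c2_host = urlparse(config["c2"]).hostname
    gate_path = config["url_path"]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed layout
        u = urlparse(m["url"])
        reasons = []
        if u.hostname == c2_host:
            reasons.append("c2_host")
        if u.path == gate_path:
            reasons.append("gate_path")
        if reasons:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "url": m["url"], "reason": "+".join(reasons)})
    return hits


# Constructed Sysmon-style registry events (Image, TargetObject), reduced to
# the two fields the check needs.
REGISTRY_EVENTS = [
    {"image": r"C:\Users\u\AppData\Local\Temp\build.exe", "key": GEO_NATION_KEY},
    {"image": r"C:\Users\u\AppData\Local\Temp\build.exe", "key": UNINSTALL_KEY + r"\7-Zip"},
    {"image": r"C:\Users\u\AppData\Local\Temp\build.exe", "key": UNINSTALL_KEY + r"\Google Chrome"},
    {"image": r"C:\Windows\System32\svchost.exe", "key": UNINSTALL_KEY + r"\KB5036892"},
]


def registry_signatures(events: list) -> dict:
    """Per image, count events matching each behaviour signature.

    Registry paths are compared case-insensitively by prefix, so any value
    under the Uninstall key counts as an installed-software lookup.
    """
    counts = {}
    for ev in events:
        key = ev["key"].lower()
        per_image = counts.setdefault(ev["image"], {"location": 0, "installed_software": 0})
        if key.startswith(GEO_NATION_KEY.lower()):
            per_image["location"] += 1
        if key.startswith(UNINSTALL_KEY.lower()):
            per_image["installed_software"] += 1
    return counts


def suspicious_images(events: list, min_uninstall_reads: int = 2) -> list:
    """Images that both read the geo nation key and enumerated Uninstall entries.

    A lone Uninstall read by a system process is routine, so the two
    signatures are only combined into a verdict when both fire for one image.
    """
    return [img for img, c in registry_signatures(events).items()
            if c["location"] >= 1 and c["installed_software"] >= min_uninstall_reads]


if __name__ == "__main__":
    print("gate:", c2_gate_url(STEALC_CONFIG))
    for h in network_hits(STEALC_CONFIG, PROXY_LOG):
        print(h)
    print("suspicious:", suspicious_images(REGISTRY_EVENTS))
```

The host-only match on `185.172.128.150` is the weakest signal, since the address can be rehosted or shared; the gate path is tied to this build's config, so a hit on both fields from the same client is what merits escalation. The example covers only the two registry-based signatures; the "Detect ZGRat V1" and "Downloads MZ/PE file" findings would need file and process telemetry the script does not model.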

MITRE ATT&CK Enterprise v15