General

  • Target

    8b59b83091bd05cd084589475a2d511768c61de76c2f9d4a63ad4d43154fdf56

  • Size

    366KB

  • Sample

    240509-jndz3agb8s

  • MD5

    dd2283fe42df132e798f44965625bc8d

  • SHA1

    f729ca01da277978915f3dbcf0033cd787b29d3e

  • SHA256

    8b59b83091bd05cd084589475a2d511768c61de76c2f9d4a63ad4d43154fdf56

  • SHA512

    9fbed40d1fa40e40d82bee3629c580a5873f1f43779f5aa955f1ee30cd833e5dc710d38b4921ec701d0ef452404e940c7ffb88082edb3b5dc4df022a4f8f43a1

  • SSDEEP

    6144:OumbY5CsTONMI5+dcIIMprOeXcoEo7f6Z8:OFEQhmI5mtDdOe1EoOZ8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks