Extracted

• • Target

    85721097af268e8a1d9d759823200504b0e7c8d223aee811a7197e13909ec081

  • Size

    382KB

  • MD5

    8fd202861ab0e7f09bb63f7b0baf43db

  • SHA1

    54711bc55e1fc8f5ed329515ef13eb3c9aafad11

  • SHA256

    85721097af268e8a1d9d759823200504b0e7c8d223aee811a7197e13909ec081

  • SHA512

    d7fb31ec904a4973e752b8b00d616cec78639b58ff2cda5f5d5d068cd0265fb6c38cf75fbce4e5125f861de026d9e128b3d950c72655eec84b42186776328cb4

  • SSDEEP

    6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKtl:1jNGexJo8raXfS8Axa35t46nUJKtl

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2