General

  • Target

    c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0

  • Size

    382KB

  • Sample

    240509-p8pj7adf43

  • MD5

    278218d2ac13d2d7134e6e9a0828e4d5

  • SHA1

    05066b895c41396d0321bc3a032f2f7c2e1811e3

  • SHA256

    c697ba11d34c3fcce2efe3d2699c68c933f986b36ccb6b9fb0e9c08fcbcfa7e0

  • SHA512

    f1e41a457c01a6ad0ac00e3a004023429d644b1a9bb193afd277f333f1bd4bd00059e37c6df2565b9c7e8bda3cbe3f713b2d39d04ca0c5ad169788efdb230b7d

  • SSDEEP

    6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKts:1jNGexJo8raXfS8Axa35t46nUJKts

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks