General

  • Target

    4097b2db5f655efc8134e76a331bf61f86c7f0485ce4421054e9744c9604c2c3

  • Size

    384KB

  • Sample

    240509-t1nedaee78

  • MD5

    2ef1178c7aa6f8898917e084709a6a25

  • SHA1

    80d524f575a8dffa8754250782ddd9f1a2ead5ff

  • SHA256

    4097b2db5f655efc8134e76a331bf61f86c7f0485ce4421054e9744c9604c2c3

  • SHA512

    266c88c4031f3fbf101b2c6b3a61037cde7dafd48d658b93072e405beeeb9796a58bb2a3e4a4c8ee67ef9e63c37b2694d662f8dcdfca73081841aee77224c48c

  • SSDEEP

    6144:CvNcF7Kk1SAa5i2mfLPrzOMWRTco+7ASGdHhyUZwS8:CvNo+nAa5gnXo+c8aT8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
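The extracted config gives two network indicators worth hunting for: the C2 host and the gate path the sample posts to. The script below is an added example, not part of the sandbox report, showing how a practitioner would turn those two values plus the file hashes into a small retro-hunt over proxy logs. The log format and the log lines are constructed for the example; the IOC values are the ones reported above. A match on both host and path is treated as high confidence, a match on the host alone as lower confidence, since a single IP can be shared or rotated.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from the report's extracted Stealc config and file hashes.
STEALC_C2_HOST = "185.172.128.150"
STEALC_C2_PATH = "/c698e1bc8a2f5e6d.php"
SAMPLE_HASHES = {
    "md5": "2ef1178c7aa6f8898917e084709a6a25",
    "sha1": "80d524f575a8dffa8754250782ddd9f1a2ead5ff",
    "sha256": "4097b2db5f655efc8134e76a331bf61f86c7f0485ce4421054e9744c9604c2c3",
}

# Constructed proxy log excerpt (not from the report). Assumed format:
# <epoch> <hostname> <client-ip> <method> <url> <status> <bytes>
SAMPLE_LOG = """\
1715266801.123 ws01 10.0.0.15 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200 412
1715266802.456 ws01 10.0.0.15 GET http://example.com/index.html 200 1024
1715266803.789 ws02 10.0.0.22 POST http://185.172.128.150/other.php 404 12
1715266804.012 ws03 10.0.0.31 GET http://185.172.128.150:8080/c698e1bc8a2f5e6d.php 200 77
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<src>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d+)"
)


def classify_url(url):
    """Return 'c2-full', 'c2-host' or None for a requested URL.

    urlsplit().hostname strips any port, so a request to the C2 on a
    non-default port still matches on host.
    """
    parts = urlsplit(url)
    if parts.hostname != STEALC_C2_HOST:
        return None
    if parts.path == STEALC_C2_PATH:
        return "c2-full"   # host and gate path both match: high confidence
    return "c2-host"       # host only: investigate, but could be shared infra


def scan_log(log_text):
    """Yield (hostname, client-ip, verdict, url) for every line that hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        verdict = classify_url(m["url"])
        if verdict is not None:
            hits.append((m["host"], m["src"], verdict, m["url"]))
    return hits


def matching_hashes(data):
    """Return the list of hash algorithms for which `data` equals the reported sample."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [alg for alg, digest in computed.items() if SAMPLE_HASHES[alg] == digest]


if __name__ == "__main__":
    for host, src, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{host} {src} {verdict} {url}")
    # Hash check against an arbitrary (non-sample) byte string: no algorithm matches.
    print(matching_hashes(b"not the sample"))
```

Run as-is it flags the first, third and fourth constructed lines; the second line (a benign host) is ignored. For a real hunt, feed `scan_log` the proxy export and pivot from `c2-host` hits into the hosts' process and DNS telemetry before deciding they are Stealc beacons.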

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
