Extracted

• • Target

    735fc5e1baa4c307c1a90faab5c5ece5635545bcc39c98a7823456e488c5f2bf

  • Size

    384KB

  • MD5

    b144f886d68042cf93e23cfab80c632d

  • SHA1

    53f6c6f673ff6ef2cdab2ed388bbd6eef34e0efa

  • SHA256

    735fc5e1baa4c307c1a90faab5c5ece5635545bcc39c98a7823456e488c5f2bf

  • SHA512

    115ec2b583926a7bc11f0b3e6bb08a330db20cf7015ad7d890a5cc6a4a2f7e5eb849d1bb9184b895ca9718163c84d6c24e1b10ffa22731b3b524cffeb5a82fa7

  • SSDEEP

    6144:CvNcF7Kk1SAa5i2mfLPrzOMWRTco+7ASGdHhyUZwS6:CvNo+nAa5gnXo+c8aT6

  Score

  10^/10

  stealczgratdiscoveryratstealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2