General

  • Target

    7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc

  • Size

    384KB

  • Sample

    240509-t3ym5aeg24

  • MD5

    3d4ce3bb2e576cb652ffbcf92ac6b832

  • SHA1

    733ba86aa7b923c107ba48710e0ffa7f2fbd339c

  • SHA256

    7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc

  • SHA512

    b53f430eba5fd6748b67c1a34e6188c09ad5dc52327c070bb812e176b92b83c1a35cfa0053d5d5921b94012ae9b5e97c3ec6d3ea111d224a901d6604095263be

  • SSDEEP

    6144:CvNcF7Kk1SAa5i2mfLPrzOMWRTco+7ASGdHhyUZwS4:CvNo+nAa5gnXo+c8aT4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
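
Added example, not part of the sandbox report: a small Python scan that turns the extracted config above (C2 host and url_path) and the sample hashes from the General section into a lookup over constructed proxy-log and file-event lines. The log line formats, the workstation names and every URL other than the C2 itself are assumptions made for the example. It matches the host by exact hostname (so `185.172.128.150.evil.test` does not hit) and reports a path-only match separately, because a 16-hex-character `.php` path is weak evidence on its own without the host.

```python
"""Match the indicators extracted in this report against constructed logs.
Added example; the log formats and non-C2 hosts below are assumptions."""
from urllib.parse import urlsplit

# Indicators copied from the report above.
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"
SAMPLE_HASHES = {
    "md5": "3d4ce3bb2e576cb652ffbcf92ac6b832",
    "sha1": "733ba86aa7b923c107ba48710e0ffa7f2fbd339c",
    "sha256": "7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc",
}

# Constructed proxy log (assumed format: ts client method url status).
PROXY_LOG = """\
2024-05-09T10:01:02Z 10.0.0.15 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-05-09T10:01:05Z 10.0.0.15 GET http://185.172.128.150/ 200
2024-05-09T10:02:00Z 10.0.0.21 GET https://example.com/c698e1bc8a2f5e6d.php 404
2024-05-09T10:03:00Z 10.0.0.33 GET http://185.172.128.150.evil.test/x 200
"""

# Constructed EDR file events (assumed format: ts host path sha256).
# The second digest is SHA-256 of an empty file, used as a non-matching value.
FILE_LOG = """\
2024-05-09T09:59:40Z WS01 C:\\Users\\u\\Downloads\\setup.exe 7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc
2024-05-09T09:59:41Z WS02 C:\\Program Files\\App\\app.exe e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""


def classify_url(url):
    """Return 'c2_full', 'c2_host', 'path_only' or None for one URL.

    Hostname is compared exactly (not as a substring) so that lookalike
    hosts containing the C2 address do not produce a false positive.
    """
    parts = urlsplit(url)
    host_hit = (parts.hostname or "") == C2_HOST
    path_hit = parts.path == C2_PATH
    if host_hit and path_hit:
        return "c2_full"
    if host_hit:
        return "c2_host"
    if path_hit:
        return "path_only"  # weak: the path alone is not distinctive
    return None


def scan_proxy(log):
    """Return (ts, client, match_kind, url) for every proxy line that hits."""
    hits = []
    for line in log.splitlines():
        ts, client, _method, url, _status = line.split()
        kind = classify_url(url)
        if kind:
            hits.append((ts, client, kind, url))
    return hits


def scan_files(log):
    """Return (ts, host, path, digest) for file events whose hash is the sample's."""
    wanted = set(SAMPLE_HASHES.values())
    hits = []
    for line in log.splitlines():
        head, digest = line.rsplit(None, 1)      # digest never contains spaces
        ts, host, path = head.split(None, 2)     # path may contain spaces
        if digest.lower() in wanted:
            hits.append((ts, host, path, digest.lower()))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy(PROXY_LOG):
        print("proxy:", *hit)
    for hit in scan_files(FILE_LOG):
        print("file: ", *hit)
```

The C2 in this config is plain HTTP to a bare IP, so the proxy match does not depend on DNS; a host-level hit with a different path is still worth triage, since only the path on the listed host is known from this sample.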

Targets

    • Target

      7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc

    • Size

      384KB

    • MD5

      3d4ce3bb2e576cb652ffbcf92ac6b832

    • SHA1

      733ba86aa7b923c107ba48710e0ffa7f2fbd339c

    • SHA256

      7ece91487f9d7ad897ce696e8f471ee0e88378fa3e9595a4d9aa208601bdd7bc

    • SHA512

      b53f430eba5fd6748b67c1a34e6188c09ad5dc52327c070bb812e176b92b83c1a35cfa0053d5d5921b94012ae9b5e97c3ec6d3ea111d224a901d6604095263be

    • SSDEEP

      6144:CvNcF7Kk1SAa5i2mfLPrzOMWRTco+7ASGdHhyUZwS4:CvNo+nAa5gnXo+c8aT4

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks