General

  • Target

    e539050e1d5a7f6fb3a00d623dc41c47a636a6804d45c0b42543ba7cbaeb4b1c

  • Size

    382KB

  • Sample

    240509-tad31sch48

  • MD5

    ffa9e34a4631cabb38b38c84a54423d1

  • SHA1

    94c3d06ce4611c5e5a4cd9eaae9dfc1f3defe8ac

  • SHA256

    e539050e1d5a7f6fb3a00d623dc41c47a636a6804d45c0b42543ba7cbaeb4b1c

  • SHA512

    344fd78ade224723aa5e032d15e5d7ae35cab2e990ff4fda9a4681bfd8a5d02d04a81065488d83e09ddcfc24041e1d85eb682ca2ace6c7a3a717f2cff0b55027

  • SSDEEP

    6144:6vNgu2vVzeAvNremF2xnbfS13eB43pvuL7HpyEeJKXM:6vNL2vVSzmQxnbf4mCSHpy9JKXM

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
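The extracted configuration gives two things an analyst can act on immediately: the file hashes to match on disk and the C2 host plus check-in path to match in proxy or DNS telemetry. The following Python is an added example (not part of the report and not Triage's code) that wires those indicators into a file-hash check and a proxy-log scan. The log format (timestamp, source IP, method, URL, status) and the log lines themselves are constructed for the example; the hashes, host and path are the ones listed above.

```python
"""Operationalise the indicators from this report: file hashes and the
Stealc C2 host/path. Added example, not from the report itself."""
import hashlib
from urllib.parse import urlsplit

# Hashes and C2 config exactly as listed in the report.
KNOWN_HASHES = {
    "md5": "ffa9e34a4631cabb38b38c84a54423d1",
    "sha1": "94c3d06ce4611c5e5a4cd9eaae9dfc1f3defe8ac",
    "sha256": "e539050e1d5a7f6fb3a00d623dc41c47a636a6804d45c0b42543ba7cbaeb4b1c",
    "sha512": "344fd78ade224723aa5e032d15e5d7ae35cab2e990ff4fda9a4681bfd8a5d02d"
              "04a81065488d83e09ddcfc24041e1d85eb682ca2ace6c7a3a717f2cff0b55027",
}
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"


def digest_bytes(data):
    """Compute every digest the report lists, so a file can be compared
    against the report without relying on a single algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def match_hashes(digests):
    """Names of the algorithms whose digest equals the sample's (case-insensitive)."""
    return {name for name, value in digests.items()
            if KNOWN_HASHES.get(name) == value.lower()}


def classify_request(url):
    """'c2_checkin' when host and path both match the extracted config,
    'c2_host' when only the host matches (same server, another path),
    None when the request is unrelated to this C2."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2_checkin" if parts.path == C2_PATH else "c2_host"


def scan_proxy_log(lines):
    """Scan whitespace-separated lines of the form
    '<ts> <src_ip> <method> <url> <status>' (assumed format) and return
    (ts, src_ip, method, verdict) for every line that touches the C2."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the scan
        verdict = classify_request(fields[3])
        if verdict:
            hits.append((fields[0], fields[1], fields[2], verdict))
    return hits


# Constructed log lines for the example; not from the report or any capture.
SAMPLE_LOG = [
    "2024-05-09T14:02:11Z 10.0.0.23 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200",
    "2024-05-09T14:02:15Z 10.0.0.23 GET http://185.172.128.150/other.bin 200",
    "2024-05-09T14:03:00Z 10.0.0.41 GET https://example.com/index.html 200",
    "2024-05-09T14:03:05Z 10.0.0.41 GET http://185.172.128.15/ 200",  # near-miss IP
]


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    # A file on disk would be read with open(path, "rb").read() first.
    print(match_hashes(digest_bytes(b"MZ constructed placeholder")))
```

The host-only verdict is kept separate from the check-in verdict on purpose: the report only attests to one path on that server, so other requests to the same IP are worth a look but are not, from this page alone, known to be Stealc traffic.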

Targets

    • Target

      e539050e1d5a7f6fb3a00d623dc41c47a636a6804d45c0b42543ba7cbaeb4b1c

    • Size

      382KB

    • MD5

      ffa9e34a4631cabb38b38c84a54423d1

    • SHA1

      94c3d06ce4611c5e5a4cd9eaae9dfc1f3defe8ac

    • SHA256

      e539050e1d5a7f6fb3a00d623dc41c47a636a6804d45c0b42543ba7cbaeb4b1c

    • SHA512

      344fd78ade224723aa5e032d15e5d7ae35cab2e990ff4fda9a4681bfd8a5d02d04a81065488d83e09ddcfc24041e1d85eb682ca2ace6c7a3a717f2cff0b55027

    • SSDEEP

      6144:6vNgu2vVzeAvNremF2xnbfS13eB43pvuL7HpyEeJKXM:6vNL2vVSzmQxnbf4mCSHpy9JKXM

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
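The two registry-based signatures above (country-code lookup, Uninstall key enumeration) are described in prose only. The Python below is an added example, not the sandbox's own detection logic, that turns them into checks over a Procmon-style CSV export. The CSV rows are constructed for the example, not taken from this analysis; the assumed registry locations are `HKCU\Control Panel\International\Geo` for the configured country and the per-product subkeys under `...\CurrentVersion\Uninstall` (plus its `WOW6432Node` mirror) for installed software.

```python
"""Registry-activity checks for the two behaviour signatures in the report.
Added example; input is a constructed Procmon CSV export, not a real capture."""
import csv
import re
from collections import defaultdict

# Assumed location of the user's configured country (Nation = GeoID).
GEO_KEY = re.compile(r"\\control panel\\international\\geo(\\|$)", re.I)

# Per-product subkeys under Uninstall (64-bit and WOW6432Node views).
UNINSTALL_SUBKEY = re.compile(
    r"^HK(?:LM|EY_LOCAL_MACHINE)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)


def parse_procmon_csv(text):
    """Parse a Procmon CSV export with its default column names into dicts."""
    return list(csv.DictReader(text.strip().splitlines()))


def registry_events(events):
    """Keep only registry operations (RegOpenKey, RegQueryValue, RegEnumKey, ...)."""
    return [e for e in events if e["Operation"].startswith("Reg")]


def detect_geofence_lookup(events):
    """Every registry access to the Geo key: (process, pid, path, detail)."""
    return [(e["Process Name"], e["PID"], e["Path"], e["Detail"])
            for e in registry_events(events) if GEO_KEY.search(e["Path"])]


def detect_uninstall_enumeration(events, min_products=3):
    """(process, pid) -> sorted product subkeys touched under Uninstall, for
    processes that touched at least min_products distinct ones. A single
    read (e.g. Explorer fetching one DisplayIcon) stays below the bar."""
    seen = defaultdict(set)
    for e in registry_events(events):
        m = UNINSTALL_SUBKEY.match(e["Path"])
        if m:
            seen[(e["Process Name"], e["PID"])].add(m.group(1))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_products}


# Constructed rows in Procmon's CSV layout; process names, PIDs and values
# are invented for the example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"2:02:11.0011 PM","dropped.exe","4120","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS","Desired Access: Query Value"
"2:02:11.0012 PM","dropped.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"2:02:11.0020 PM","dropped.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Enumerate Sub Keys"
"2:02:11.0021 PM","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
"2:02:11.0022 PM","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS","Type: REG_SZ, Length: 20, Data: Notepad++"
"2:02:11.0023 PM","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-000F-0000-1000-0000000FF1CE}\DisplayName","SUCCESS","Type: REG_SZ, Length: 32, Data: Microsoft Office"
"2:02:12.0000 PM","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Program Files\7-Zip\7zFM.exe"
"2:02:12.0001 PM","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''


if __name__ == "__main__":
    evts = parse_procmon_csv(SAMPLE_CSV)
    print("geofence lookups:", detect_geofence_lookup(evts))
    print("software enumeration:", detect_uninstall_enumeration(evts))
```

The product-count threshold is what separates the enumeration signature from benign noise: legitimate processes read individual Uninstall entries all the time, whereas a stealer walking the whole hive touches many distinct subkeys from one PID in a short window.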

MITRE ATT&CK Enterprise v15

Tasks