General

  • Target

    72f2648a4109f589ff722f22632164bacb30fd4985d876f5901907233a5e99a2

  • Size

    384KB

  • Sample

    240509-tzs88sbd51

  • MD5

    642ee754e2e9ed42d93b0f942374089c

  • SHA1

    7df1eca67d315d7caab990474086e980d63724c3

  • SHA256

    72f2648a4109f589ff722f22632164bacb30fd4985d876f5901907233a5e99a2

  • SHA512

    05bb11efcff946adbfd53ce24dba108dc736e8b5eec808d977903d37f9e64d9d7717c795765cc8ed200034d601d6c27b724c97791b90016088d388fcc224e222

  • SSDEEP

    6144:CvNcF7Kk1SAa5i2mfLPrzOMWRTco+7ASGdHhyUZwS/:CvNo+nAa5gnXo+c8aT/

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
