General

  • Target

    fab860ca07692e3f3f2c438a9faf142288fdbcbb43edf24e8b3b88683a529477

  • Size

    384KB

  • Sample

    240509-yawehseb54

  • MD5

    0f39626443b9a5ecbdac24c96e12728a

  • SHA1

    04c402e550534f0871471f5b80fc5723f283f25c

  • SHA256

    fab860ca07692e3f3f2c438a9faf142288fdbcbb43edf24e8b3b88683a529477

  • SHA512

    9b74eea35b9ed7ea5e286ec29a676407f72a63c3d90c22616d73d0626a0cf656d9e1aaafd8c07021c38c8bf9cc75cd1a6b6ca4f7198f07c8794aad1d4bf618e6

  • SSDEEP

    6144:2nNm4Za4Cv1GOuLzYI0dBXV9TCS/lMEGFZCTiQJ0s8:2nNNZg1GOuL5SV9TNyEGFTQP8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
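The extracted config above gives two network indicators (the C2 host and the gate's URL path) plus the file hashes in the General section. The following script, added here as an example and not part of the sandbox report, turns those values into a small triage check: it classifies requests in proxy log lines as full C2 hits (host and path) or host-only hits, and it compares a file's digests against the report's hashes. The log-line format (timestamp, client, method, URL, status) and the log lines themselves are constructed for the example; the IOC values are the report's.

```python
"""IOC matching for the Stealc sample described in this report.

Added example, not part of the sandbox report. C2 host, URL path and file
hashes are copied from the report; the proxy log lines and their format
(timestamp client method url status) are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from the report above.
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"
SAMPLE_HASHES = {
    "md5": "0f39626443b9a5ecbdac24c96e12728a",
    "sha1": "04c402e550534f0871471f5b80fc5723f283f25c",
    "sha256": "fab860ca07692e3f3f2c438a9faf142288fdbcbb43edf24e8b3b88683a529477",
    "sha512": "9b74eea35b9ed7ea5e286ec29a676407f72a63c3d90c22616d73d0626a0cf656"
              "d9e1aaafd8c07021c38c8bf9cc75cd1a6b6ca4f7198f07c8794aad1d4bf618e6",
}

# Constructed proxy log lines (hypothetical format: ts client method url status).
SAMPLE_LOG = """\
2024-05-09T14:01:02Z 10.0.0.21 GET http://example.org/index.html 200
2024-05-09T14:01:07Z 10.0.0.21 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-05-09T14:01:09Z 10.0.0.35 GET http://185.172.128.150:80/c698e1bc8a2f5e6d.php 200
2024-05-09T14:02:11Z 10.0.0.35 GET http://185.172.128.150/other.php 404
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify_request(url):
    """Return 'c2' for host+path match, 'c2-host' for host-only, else None.

    urlsplit().hostname strips an explicit port, so 185.172.128.150:80
    still matches the host indicator.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "c2-host"


def is_c2_request(url):
    """True only when both the C2 host and the gate path match."""
    return classify_request(url) == "c2"


def find_c2_hits(log_text):
    """Return (timestamp, client, url, verdict) for every line touching the C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, client, _method, url, _status = m.groups()
        verdict = classify_request(url)
        if verdict is not None:
            hits.append((ts, client, url, verdict))
    return hits


def file_hashes(data):
    """Compute the same digests the report lists, for comparison."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data):
    """True when every digest of data equals the report's value."""
    digests = file_hashes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


if __name__ == "__main__":
    for ts, client, url, verdict in find_c2_hits(SAMPLE_LOG):
        print(f"{verdict:8} {ts} {client} {url}")
```

Host-only hits are reported separately because the same server may serve a different gate path to other builds, so a host match alone is worth an analyst's look without being an automatic confirmation of this sample.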

Targets

    • Target

      fab860ca07692e3f3f2c438a9faf142288fdbcbb43edf24e8b3b88683a529477

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks