General

  • Target

    d719fb243a6d2ad33a76aa78ee66f4763a36c78a2373a01de223fb5c27b722da

  • Size

    384KB

  • Sample

    240509-yeebssec65

  • MD5

    f969256486cae8c6c357924481ec86ee

  • SHA1

    95f91c8a6539700b4dd6077ba3a778c13bc72d4d

  • SHA256

    d719fb243a6d2ad33a76aa78ee66f4763a36c78a2373a01de223fb5c27b722da

  • SHA512

    106959ab072744ae5ce79cbc627040dbd32bb416407ca7d1f848ae49dbb609f900c0f34696fc5e30c5418d889b5c07b35d5a0f9b4f1be1e662621ba2c4491e16

  • SSDEEP

    6144:2nNm4Za4Cv1GOuLzYI0dBXV9TCS/lMEGFZCTiQJ0s4:2nNNZg1GOuL5SV9TNyEGFTQP4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
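The extracted configuration above gives the C2 base and the gate path as two separate fields. The following is an added example (not code from the report or the sandbox) that joins them into the full gate URL and scans a few constructed proxy log lines for contact with that host. The assumption that the sample requests c2 + url_path is this example's, since the page shows no actual request; the log lines and client addresses are constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Extracted Stealc configuration exactly as listed in this report.
STEALC_CONFIG = {
    "family": "stealc",
    "c2": "http://185.172.128.150",
    "url_path": "/c698e1bc8a2f5e6d.php",
}


def build_c2_url(cfg):
    """Join the C2 base URL and url_path into one gate URL.

    Assumption for this example: the sample contacts c2 + url_path; the
    report lists the two fields separately and shows no request."""
    return cfg["c2"].rstrip("/") + "/" + cfg["url_path"].lstrip("/")


def c2_indicators(cfg):
    """Host and path IOCs derived from the config, for log matching."""
    parts = urlsplit(build_c2_url(cfg))
    return {"host": parts.hostname, "path": parts.path, "url": build_c2_url(cfg)}


# Constructed proxy log lines (timestamp client method url status).
# Sample data for this example, not traffic from the report.
SAMPLE_LOG = """\
1715250001.123 10.0.0.12 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
1715250002.456 10.0.0.12 GET http://example.com/index.html 200
1715250003.789 10.0.0.33 POST http://185.172.128.150/other.php 404
1715250004.001 10.0.0.44 GET http://185.172.128.150/ 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_log(log_text, cfg):
    """Return one hit per log line that reaches the configured C2 host.

    An exact match on the gate path is rated high. Any other request to the
    same host is rated medium: the report notes the sample downloads a PE
    file, and a follow-on payload may be served from a different path."""
    ioc = c2_indicators(cfg)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the scan
        url = urlsplit(m["url"])
        if url.hostname != ioc["host"]:
            continue
        severity = "high" if url.path == ioc["path"] else "medium"
        hits.append({
            "client": m["client"],
            "method": m["method"],
            "url": m["url"],
            "severity": severity,
        })
    return hits


if __name__ == "__main__":
    print("C2 gate URL:", build_c2_url(STEALC_CONFIG))
    for hit in scan_log(SAMPLE_LOG, STEALC_CONFIG):
        print(hit)
```

Matching on the host alone would also catch the third and fourth lines, which is the point of the two severity levels: the gate path is the confident indicator, the bare IP is the broader net.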

Targets

    • Target

      d719fb243a6d2ad33a76aa78ee66f4763a36c78a2373a01de223fb5c27b722da

    • Size

      384KB

    • MD5

      f969256486cae8c6c357924481ec86ee

    • SHA1

      95f91c8a6539700b4dd6077ba3a778c13bc72d4d

    • SHA256

      d719fb243a6d2ad33a76aa78ee66f4763a36c78a2373a01de223fb5c27b722da

    • SHA512

      106959ab072744ae5ce79cbc627040dbd32bb416407ca7d1f848ae49dbb609f900c0f34696fc5e30c5418d889b5c07b35d5a0f9b4f1be1e662621ba2c4491e16

    • SSDEEP

      6144:2nNm4Za4Cv1GOuLzYI0dBXV9TCS/lMEGFZCTiQJ0s4:2nNNZg1GOuL5SV9TNyEGFTQP4

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
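The two registry signatures above (country code lookup, Uninstall enumeration) are each common in benign software; what makes them worth an alert is the same process doing both. The following is an added example (not code from the report or the sandbox) that correlates constructed Sysmon-style registry read events per process and alerts when a process reads the country code and then enumerates several Uninstall entries. The report does not name the exact registry values the sample reads, so the key paths used here (Control Panel\International\Geo\Nation, Control Panel\International\Locale, and the CurrentVersion\Uninstall\*\DisplayName values), the threshold, the process names and the SID are all this example's assumptions.

```python
import re
from collections import defaultdict

# Registry locations assumed for this example. The report says only that the
# sample reads the configured country code and Uninstall entries; it does not
# name the exact values, so these well-known paths are an assumption.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.IGNORECASE
)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\(?P<entry>[^\\]+)\\DisplayName$",
    re.IGNORECASE,
)

# Constructed hive prefixes for the sample events below (fake SID).
HKU = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
HKLM_UNINSTALL = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
DROPPED = "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"
EXPLORER = "C:\\Windows\\explorer.exe"

# Constructed Sysmon-style registry read events (pid, image, target object).
# Sample data for this example, not events from the report.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": DROPPED, "target": HKU + "\\Control Panel\\International\\Geo\\Nation"},
    {"pid": 4120, "image": DROPPED, "target": HKLM_UNINSTALL + "\\{1A2B3C4D}\\DisplayName"},
    {"pid": 4120, "image": DROPPED, "target": HKLM_UNINSTALL + "\\Google Chrome\\DisplayName"},
    {"pid": 4120, "image": DROPPED, "target": HKLM_UNINSTALL + "\\7-Zip\\DisplayName"},
    {"pid": 4120, "image": DROPPED, "target": HKLM_UNINSTALL + "\\7-Zip\\DisplayName"},
    {"pid": 1337, "image": EXPLORER, "target": HKLM_UNINSTALL + "\\7-Zip\\DisplayName"},
    {"pid": 1337, "image": EXPLORER, "target": HKU + "\\Control Panel\\International\\Locale"},
]


def correlate(events, min_uninstall=3):
    """Alert on a process that reads the country code and also enumerates
    at least min_uninstall distinct Uninstall entries.

    Either read alone is normal; the combination in one process matches the
    geofence-then-inventory behaviour this report lists for the sample."""
    per_pid = defaultdict(lambda: {"image": None, "geo": None, "uninstall": set()})
    for ev in events:
        state = per_pid[ev["pid"]]
        state["image"] = ev["image"]
        if GEO_KEY_RE.search(ev["target"]):
            state["geo"] = ev["target"]
        m = UNINSTALL_KEY_RE.search(ev["target"])
        if m:
            state["uninstall"].add(m["entry"])  # distinct entries, repeats ignored
    alerts = []
    for pid, state in per_pid.items():
        if state["geo"] and len(state["uninstall"]) >= min_uninstall:
            alerts.append({
                "pid": pid,
                "image": state["image"],
                "geo_key": state["geo"],
                "uninstall_count": len(state["uninstall"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct Uninstall entries rather than raw reads keeps a process that polls one application's entry repeatedly from tripping the threshold; lowering min_uninstall to 1 shows how noisy the rule becomes, since explorer.exe then alerts too.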

MITRE ATT&CK Enterprise v15

Tasks