Extracted

• • Target

    f30f30f904872d74547a81b4d6ed6dfd57ec0602de595bedb098281ac886954f

  • Size

    384KB

  • MD5

    781b319373a1ceaf8d629467af244f95

  • SHA1

    bd277cc36925b4f0717a15230d11d7a1f6663a01

  • SHA256

    f30f30f904872d74547a81b4d6ed6dfd57ec0602de595bedb098281ac886954f

  • SHA512

    3cfef8762b5d5db02247705f0edc1b568a7d1cb045616a199a1dd7735ed45fd56ddc857b307a0de2ca00d11913dec36a15ab7b7e65d2bd9442e3ddc6678d0cc4

  • SSDEEP

    6144:ujfcaXBXkd86TbOMLd1KsPTNqG5Tcq9kdilO1SnO3IExF:87XN6T9RpRAq3O1SnQ3F

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2