Extracted

• • Target

    d2d72e06cb0e2a6a1b8249a721e594ceafc1d6e28b232a9278578d027e2085b8

  • Size

    373KB

  • MD5

    90f93669bbe5906f970a1e91ccbca99c

  • SHA1

    bb3592d25b0d808418d89f8fe26c61aec1a3b377

  • SHA256

    d2d72e06cb0e2a6a1b8249a721e594ceafc1d6e28b232a9278578d027e2085b8

  • SHA512

    48530937cb2d08d7b2b070bb89f339b8f6c96e3c1227b01ff1235a85f1d2cbcaea072fdfe67ec42e30137ec3bb3ea43e3a4cff7e0625c180fb52d30696581cde

  • SSDEEP

    6144:AgXLk9lsA7WNFchU6wxpMoyZVn4lt2DSTZATjxhNUP2uxZ698Obd3Tuto4:AgXLk91ar1rKRn4lAQ+1hNUOr9HxuS4

  Score

  10^/10

  stealczgratdiscoveryratspywarestealer

  • Detect ZGRat V1

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2