General

Target: af271635769a25227a5789e016260ed3.exe
Size: 456KB
Sample: 240428-g4bhrsab3x
MD5: af271635769a25227a5789e016260ed3
SHA1: 90cadd5ff7263ea00a6d55be038d4c86764c44ad
SHA256: e4847e1dafb9f7c429cab477f942d7bbcd47646594c7354b8cb35078de6c606c
SHA512: 4948494bd9b11b7d83b688e82495eb91fdc34819fb7cf9703812496a8e90ccb155fe5d8bbacb3c36e064a08a443736da643f5b44e94e6e5c092e14b81335ed14
SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8X:IoV3Y9YLRN/XQUOUXwE8X

Static task: static1
Behavioral task: behavioral1
Sample: af271635769a25227a5789e016260ed3.exe
Resource: win7-20240220-en

Malware Config

Extracted
Family: stealc
C2: http://185.172.128.62
url_path: /902e53a07830e030.php
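The extracted configuration gives one C2 host and the gate path the stealer reports to. The following is an added example, not part of the sandbox report or of any sandbox tooling, that hunts for that C2 in HTTP proxy logs. C2_HOST and C2_PATH are the values from the config above; the log format, the sample log lines (constructed) and the LOOSE_PATH pattern (16 lowercase hex characters plus ".php", used to keep matching when the IP is rotated) are this example's own assumptions.

```python
"""Hunt for the extracted Stealc C2 in HTTP proxy logs.

Added example, not part of the sandbox report. C2_HOST and C2_PATH are the
values from the extracted config; the log format, the sample lines and the
LOOSE_PATH pattern are assumptions of this example.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

C2_HOST = "185.172.128.62"            # from the extracted config
C2_PATH = "/902e53a07830e030.php"     # url_path from the extracted config

# Assumption used to generalise: the extracted path is 16 lowercase hex
# characters plus ".php". A C2 IP is cheap to rotate, so a request whose
# path has that shape is worth a look even when the host is new.
LOOSE_PATH = re.compile(r"^/[0-9a-f]{16}\.php$")

# Constructed proxy log lines: <timestamp> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
2024-04-28T07:01:12Z 10.0.0.15 GET http://example.com/index.html 200
2024-04-28T07:02:40Z 10.0.0.15 POST http://185.172.128.62/902e53a07830e030.php 200
2024-04-28T07:03:05Z 10.0.0.22 POST http://203.0.113.9/a1b2c3d4e5f60718.php 200
2024-04-28T07:03:30Z 10.0.0.15 GET http://185.172.128.62/favicon.ico 404
2024-04-28T07:04:01Z 10.0.0.31 GET http://example.org/report.php 200
"""


def classify(url: str) -> Optional[str]:
    """Return "exact" (host and path), "host", "path" or None for one URL."""
    parts = urlsplit(url)
    host_hit = parts.hostname == C2_HOST
    path_hit = parts.path == C2_PATH
    if host_hit and path_hit:
        return "exact"
    if host_hit:
        return "host"
    if LOOSE_PATH.match(parts.path):
        return "path"
    return None


def hunt(log_text: str) -> list:
    """Return one record per matching request, in log order; malformed
    lines are skipped rather than aborting the hunt."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, client, method, url, status = fields
        match = classify(url)
        if match:
            hits.append({"time": ts, "client": client, "method": method,
                         "url": url, "status": status, "match": match})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['match']:5} {hit['client']} {hit['method']} {hit['url']}")
```

An "exact" hit is a confirmed check-in to this configuration; a "host" hit means the same infrastructure was contacted with a different path; a "path" hit is only a lead, since the loose pattern is an assumption and will also catch unrelated sites. The method is kept in the record because a stealer check-in is a POST carrying the harvested data, which helps a reviewer rank the "path" hits.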
Targets

Target: af271635769a25227a5789e016260ed3.exe

- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is typically the last step of process hollowing, where a suspended child process is given a new entry point before it is resumed.
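Two of the signatures above, the country-code lookup and the Uninstall-key enumeration, can be re-checked outside the sandbox from registry telemetry. The following is an added example, not part of the sandbox report or of the sandbox's own signature set. It scans a constructed Procmon-style CSV export of registry operations and flags processes that query the country code or open several Uninstall product subkeys. Assumptions: Sysmon records registry writes rather than reads, so the input is assumed to come from a tool that logs RegOpenKey/RegQueryValue; the "location settings" signature is taken to mean a read of HKCU\Control Panel\International\Geo\Nation, where Windows keeps the configured country code (the report does not name the key this sample read); the threshold and the severity scoring are this example's own choices.

```python
r"""Re-check two of the report's registry signatures outside the sandbox.

Added example, not part of the sandbox report or its signature set.
Assumptions: input is a Procmon-style CSV export (Sysmon logs registry
writes, not reads, so a source that records RegOpenKey/RegQueryValue is
needed); the "location settings" signature is taken to mean a read of
HKCU\Control Panel\International\Geo\Nation, where Windows keeps the
configured country code (the report does not name the key); threshold and
severity scoring are this example's own choices.
"""
import csv
import io
from collections import defaultdict

# Country-code values, compared case-insensitively. Geo\Name exists on
# Windows 10+ alongside Geo\Nation.
GEO_VALUES = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\geo\name",
}
# Parents of the per-product Uninstall subkeys (64-bit, WOW64 and per-user).
UNINSTALL_PARENTS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)
# Distinct product subkeys one process must open before we call it
# enumeration; a single lookup of a known product is normal behaviour.
ENUM_THRESHOLD = 3

# Constructed Procmon-style export using Procmon's CSV column names.
# The GUID subkey is made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"7:02:01.0","sample.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"7:02:01.1","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"7:02:01.2","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"7:02:01.3","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"7:02:01.4","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}","SUCCESS","Desired Access: Read"
"7:02:05.0","msiexec.exe","2208","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}","SUCCESS","Desired Access: Read"
"7:02:06.0","explorer.exe","1532","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
'''


def _normalize(path: str) -> str:
    """Registry paths are case-insensitive; compare them lower-cased."""
    return path.strip().lower()


def analyze(csv_text: str) -> dict:
    """Map (process name, pid) -> finding for every process that queried the
    country code or opened ENUM_THRESHOLD or more Uninstall product subkeys."""
    state = defaultdict(lambda: {"geo": False, "subkeys": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc = (row["Process Name"], int(row["PID"]))
        path = _normalize(row["Path"])
        if row["Operation"] == "RegQueryValue" and path in GEO_VALUES:
            state[proc]["geo"] = True
        elif row["Operation"] == "RegOpenKey":
            for parent in UNINSTALL_PARENTS:
                # Opening the parent key itself is not counted; only the
                # per-product subkeys beneath it are.
                if path.startswith(parent + "\\"):
                    state[proc]["subkeys"].add(path[len(parent) + 1:])
    findings = {}
    for proc, st in state.items():
        enumerated = len(st["subkeys"]) >= ENUM_THRESHOLD
        if not (st["geo"] or enumerated):
            continue
        # Many legitimate processes read Geo\Nation, so a country check on
        # its own is low; the combination with software enumeration in the
        # same process is what matches the sample's behaviour.
        severity = "high" if (st["geo"] and enumerated) else "low"
        findings[proc] = {"geofence_lookup": st["geo"],
                          "uninstall_enumeration": enumerated,
                          "uninstall_subkeys": len(st["subkeys"]),
                          "severity": severity}
    return findings


if __name__ == "__main__":
    for (name, pid), f in analyze(SAMPLE_CSV).items():
        print(f"{f['severity']:4} {name}:{pid} geo={f['geofence_lookup']} "
              f"uninstall_subkeys={f['uninstall_subkeys']}")
```

On the constructed data the sample process is rated high (country code read plus three product subkeys opened), explorer.exe is rated low for the country-code read alone, and msiexec.exe is not reported because opening one product's Uninstall subkey is ordinary installer behaviour.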