General

Target: 81fd624d5955fe64fb4aaf78d83dcacf.exe
Size: 456KB
Sample: 240428-hftj4sac22
MD5: 81fd624d5955fe64fb4aaf78d83dcacf
SHA1: 296d5a7a5a2da67c5c8bcc2d821ba2549ef8ab26
SHA256: 126d672929e69bcb66fd6cf50c6402ff1a100cf6640da4aff9f51511f9518c78
SHA512: 81bf0a1730c645ba6baf007adef34994506d81138485544c1a128e263ef1d562d55548f12d81ffea997522fc226fc74ea4005c185fa99da2bc65fef994b1c6a4
SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8V:IoV3Y9YLRN/XQUOUXwE8V
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 81fd624d5955fe64fb4aaf78d83dcacf.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 81fd624d5955fe64fb4aaf78d83dcacf.exe
  Resource: win10v2004-20240419-en
Malware Config

Extracted family: stealc
C2: http://185.172.128.62
url_path: /902e53a07830e030.php
Targets

Target: 81fd624d5955fe64fb4aaf78d83dcacf.exe
Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext