General
Target: cb965b05dcbbce45dedbb773f04bbd27.exe
Size: 456KB
Sample: 240428-leq95sch2t
MD5: cb965b05dcbbce45dedbb773f04bbd27
SHA1: e5868eb8d109ec1915c216b0e0034c70239284e7
SHA256: 5d50da95084a0735e89b49a9d3684e897428993ae9ae65c9d3dd839d231a1344
SHA512: 8d9e87cce8f70aa6290bd7571bbb7a453281e76c94643e56a1ec5191e0e2c8c1f4bdd5e8e7d6af8e94312f6861ac9fc9b926e9ad1b6918bf10d0951549f6ab62
SSDEEP: 6144:Hb1m+ZBBrVw6UuNeqsGqJJ2hUOWXzt1YyQut4Mq75gQ/l67I2XDihjZd0:7c+5vdsGguOt1YyN4MyN/EQZd0
Static task: static1

Behavioral task: behavioral1
  Sample: cb965b05dcbbce45dedbb773f04bbd27.exe
  Resource: win7-20240220-en

Behavioral task: behavioral2
  Sample: cb965b05dcbbce45dedbb773f04bbd27.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
  Family: stealc
  C2: http://185.172.128.62
  url_path: /902e53a07830e030.php
Targets

Target: cb965b05dcbbce45dedbb773f04bbd27.exe
Size: 456KB
MD5: cb965b05dcbbce45dedbb773f04bbd27
SHA1: e5868eb8d109ec1915c216b0e0034c70239284e7
SHA256: 5d50da95084a0735e89b49a9d3684e897428993ae9ae65c9d3dd839d231a1344
SHA512: 8d9e87cce8f70aa6290bd7571bbb7a453281e76c94643e56a1ec5191e0e2c8c1f4bdd5e8e7d6af8e94312f6861ac9fc9b926e9ad1b6918bf10d0951549f6ab62
SSDEEP: 6144:Hb1m+ZBBrVw6UuNeqsGqJJ2hUOWXzt1YyQut4Mq75gQ/l67I2XDihjZd0:7c+5vdsGguOt1YyN4MyN/EQZd0

Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext