General

Target: c53639713fc373fabad80a7e93956ab8.exe
Size: 456KB
Sample: 240428-llgdhscg47
MD5: c53639713fc373fabad80a7e93956ab8
SHA1: fdd3a2094699e5b9326b418e995c7ac1b15e2d89
SHA256: 8380469f59a99421ac025c84ac03141e73843d97885b2681474f185ba12796b3
SHA512: 5ec1304438737f35f29aed12209f2df14386f844d8424335acc851f49a2277f4cee7cb0277de64bfff2e5cc70724a827a6bc636b02dc61b3f87d4763a369f71b
SSDEEP: 6144:Hb1m+ZBBrVw6UuNeqsGqJJ2hUOWXzt1YyQut4Mq75gQ/l67I2XDihjZd+:7c+5vdsGguOt1YyN4MyN/EQZd+
Static task: static1
Behavioral task: behavioral1 (sample c53639713fc373fabad80a7e93956ab8.exe, resource win7-20240215-en)
Behavioral task: behavioral2 (sample c53639713fc373fabad80a7e93956ab8.exe, resource win10v2004-20240419-en)
Malware Config

Extracted family: stealc
C2: http://185.172.128.62
url_path: /902e53a07830e030.php

The C2 host and url_path were pulled from the sample by the sandbox's config extractor; together they give the full C2 endpoint http://185.172.128.62/902e53a07830e030.php. Pivot on the host and the path separately as well as on the full URL, since either can be rotated between builds.
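The C2 host and url_path above are the most directly actionable indicators on this page. The Python below is an added example, not part of the sandbox report or of the malware, that matches proxy log lines against them; C2_HOST and C2_PATH are the report's values, while the log format and every log line are constructed for illustration.

```python
"""Match proxy log lines against the Stealc C2 indicators extracted above.

Added example, not part of the sandbox report. C2_HOST and C2_PATH come from
the report's Malware Config; the log format and every log line are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators from the extracted Stealc config (report values).
C2_HOST = "185.172.128.62"
C2_PATH = "/902e53a07830e030.php"

# Assumed log format: "<epoch> <client_ip> <method> <url> <status>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample log; only the first line is benign.
SAMPLE_LOG = """\
1714302000.123 10.0.0.5 GET http://example.com/index.html 200
1714302010.456 10.0.0.5 POST http://185.172.128.62/902e53a07830e030.php 200
1714302011.789 10.0.0.7 POST http://185.172.128.62:8080/902e53a07830e030.php 200
1714302012.000 10.0.0.9 GET http://185.172.128.62/ 404
1714302013.000 10.0.0.11 POST http://203.0.113.10/902e53a07830e030.php 200
"""


def classify(url):
    """Return the indicators a URL matches: a subset of ["c2_host", "c2_path"].

    Host and path are checked independently so a rotated C2 IP still trips on
    the gate path, and a changed gate path still trips on the host. A port
    suffix does not defeat the host check because urlsplit().hostname strips it.
    """
    parts = urlsplit(url)
    matched = []
    if parts.hostname == C2_HOST:
        matched.append("c2_host")
    if parts.path == C2_PATH:
        matched.append("c2_path")
    return matched


def confidence(matched):
    """Both indicators together is a full C2 URL match; one alone is weaker."""
    if len(matched) == 2:
        return "high"
    return "medium" if matched else None


def scan(log_text):
    """Return (client_ip, url, confidence, matched) for every line hitting an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; in production, count these rather than drop them silently
        matched = classify(m["url"])
        if matched:
            hits.append((m["client"], m["url"], confidence(matched), tuple(matched)))
    return hits


if __name__ == "__main__":
    for client, url, level, matched in scan(SAMPLE_LOG):
        print(f"{level:<6} {client:<10} {url}  [{', '.join(matched)}]")
```

Against the constructed log this flags four of the five lines: two full-URL matches (one on a non-default port), one host-only hit on a request to the server root, and one path-only hit against a different IP, which is the case a host-only blocklist would miss.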
Targets

Target: c53639713fc373fabad80a7e93956ab8.exe (size and hashes as listed under General)
Signatures:
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file: a further executable is fetched over the network during the run.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry (the ...\Software\Microsoft\Windows\CurrentVersion\Uninstall keys, which list installed applications) to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way to redirect execution after writing code into a process, as in process hollowing or thread hijacking.

Note that the static config extraction identifies Stealc while the behavioral signatures flag a SectopRAT payload, so this run touches more than one family; indicators for both should be treated as relevant to the sample.