General

  • Target

    ac15ae1e49f4272e8d38b5fd5573ce35

  • Size

    81KB

  • Sample

    240130-ej9hyshcgn

  • MD5

    ac15ae1e49f4272e8d38b5fd5573ce35

  • SHA1

    93a70b449926995d458b9513b8b36e988f73dc8a

  • SHA256

    c886e938dd26ca17bd29feea36d4c487483bb05d86b3c382e045b88925b27149

  • SHA512

    23d7977aeac5a2f1856861519b34dbbd4aa52ed003d4001b73435024266d258d765613a3be8a1e2ae67548f9eb69f662925d663f8321f1610f200af6258025f8

  • SSDEEP

    1536:D7Vs/tSdQLcSjAA0C0rEr2ofgNTX0g/+PmN/10BmglZqiqazVkP5tJCFPzRUR2lX:D5MmQLcxAarEDINTD/+Pmn0BmgnpzmcP

Malware Config

Extracted

Family

stealerium

C2

https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q

Targets

    • Detect ZGRat V1

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks