General

Target: ac15ae1e49f4272e8d38b5fd5573ce35
Size: 81KB
Sample: 240130-ejqqvahcgl
MD5: ac15ae1e49f4272e8d38b5fd5573ce35
SHA1: 93a70b449926995d458b9513b8b36e988f73dc8a
SHA256: c886e938dd26ca17bd29feea36d4c487483bb05d86b3c382e045b88925b27149
SHA512: 23d7977aeac5a2f1856861519b34dbbd4aa52ed003d4001b73435024266d258d765613a3be8a1e2ae67548f9eb69f662925d663f8321f1610f200af6258025f8
SSDEEP: 1536:D7Vs/tSdQLcSjAA0C0rEr2ofgNTX0g/+PmN/10BmglZqiqazVkP5tJCFPzRUR2lX:D5MmQLcxAarEDINTD/+Pmn0BmgnpzmcP
Static task: static1

Behavioral task: behavioral1
Sample: ac15ae1e49f4272e8d38b5fd5573ce35.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: ac15ae1e49f4272e8d38b5fd5573ce35.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted (family): stealerium
Webhook URL (from extracted config): https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q
Targets

Target: ac15ae1e49f4272e8d38b5fd5573ce35
Size: 81KB
MD5: ac15ae1e49f4272e8d38b5fd5573ce35
SHA1: 93a70b449926995d458b9513b8b36e988f73dc8a
SHA256: c886e938dd26ca17bd29feea36d4c487483bb05d86b3c382e045b88925b27149
SHA512: 23d7977aeac5a2f1856861519b34dbbd4aa52ed003d4001b73435024266d258d765613a3be8a1e2ae67548f9eb69f662925d663f8321f1610f200af6258025f8
SSDEEP: 1536:D7Vs/tSdQLcSjAA0C0rEr2ofgNTX0g/+PmN/10BmglZqiqazVkP5tJCFPzRUR2lX:D5MmQLcxAarEDINTD/+Pmn0BmgnpzmcP
Score: 10/10

Signatures:
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext