General
-
Target
bossa.exe
-
Size
2.5MB
-
Sample
240130-ndjj1sgaem
-
MD5
31118351b8b0db68e9c1bc3ad1da8e7c
-
SHA1
adb461d4d199ea7367b65b185f47a10401e2ba97
-
SHA256
1d72f409f9089ba57b151f5836df00ba70480f1530c67b1a2c81fc9b50b7cbe2
-
SHA512
a9a3575d49a76da29df558023ea3d79e5fa9216c6ec58dc802b98ec12dfcaea71ae74b863626860f81aebd4ed1f5b7f76f90bdd84dc5a7e1741eb2bf52b73aa1
-
SSDEEP
49152:ywoUZ8Cps0BJDmN8wjp+ps8M+1tgVO8jrHWvrYz93513:E0LSNFUps8M+MVvr2zMn
Static task
static1
Behavioral task
behavioral1
Sample
bossa.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bossa.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
stealerium
https://discordapp.com/api/webhooks/1197850806213431377/-zU9uA2NeaYEk4-ozdhgmNljI6NS_w_qcT_cbtxYxZdkUD3JeaKChZp4GXdod-MX3D1Q
Targets
-
-
Target
bossa.exe
-
Size
2.5MB
-
MD5
31118351b8b0db68e9c1bc3ad1da8e7c
-
SHA1
adb461d4d199ea7367b65b185f47a10401e2ba97
-
SHA256
1d72f409f9089ba57b151f5836df00ba70480f1530c67b1a2c81fc9b50b7cbe2
-
SHA512
a9a3575d49a76da29df558023ea3d79e5fa9216c6ec58dc802b98ec12dfcaea71ae74b863626860f81aebd4ed1f5b7f76f90bdd84dc5a7e1741eb2bf52b73aa1
-
SSDEEP
49152:ywoUZ8Cps0BJDmN8wjp+ps8M+1tgVO8jrHWvrYz93513:E0LSNFUps8M+MVvr2zMn
Score10/10-
Detect ZGRat V1
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-