General
Target: f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b.exe
Size: 5.3MB
Sample: 240315-c5hagsee5w
MD5: 4eda5246e489dfa5edadc1a46221b9b6
SHA1: 5d11b441365ea64090f34c68b4cf47b9d2d701dc
SHA256: f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b
SHA512: 783b801030b15b53633509ed36c815d928a67e9c833d2c8a2cc368fda8a5b76386c34ca767636d0fd3d0262ee059af89784324701eac46f4867f8ea9e74f4625
SSDEEP: 49152:Kh8VUIicvXIXj97Nf50oyGRUxhtIHsWZsn+We5l7BGthQ3QTNxGSr+GiM+t2aVo/:Kh8VUIi4XIp7Nh0asO5JoHt7XXA2psO
Behavioral task: behavioral1
Sample: f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b.exe
Resource: win7-20231129-en

Malware Config
Extracted: stealc
http://94.156.8.100
url_path: /5dce321003e6a6b5.php
Targets
Target: f141b5eee77d2391f8ff169914873e1219c2b47ebfde2b5bdfc0af7c6e08217b.exe
- Detect ZGRat V1
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with Dotfuscator
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext