General
-
Target
174e64a4a86b44191bee5ee4015aa4305f23dd01f54733e8d52e41f58d1ab897
-
Size
405KB
-
Sample
240320-bwwwvadd58
-
MD5
03a61476e69db16ba28b4b64a73ba6c4
-
SHA1
66ff7efef741225d22029cfccc565adf1390cfa5
-
SHA256
174e64a4a86b44191bee5ee4015aa4305f23dd01f54733e8d52e41f58d1ab897
-
SHA512
e3de599597ef2eef2b3de40ce8e9c20c9e90f63ed44e07a7c647bef477ad5d9e29231e3549c725acf679ca1e29b1dcebfd4b7812216b962d0d0a6e776a1fb773
-
SSDEEP
6144:OnPh+ZRHwNYdsfZF5YEwb8VknY6YrpEsHY0tuBAXbkZLZUBriKRkk3v:CPh+ZRQSs/56b8xNfltHLk0rvRkav
Malware Config
Extracted
stealc
http://185.172.128.145
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
174e64a4a86b44191bee5ee4015aa4305f23dd01f54733e8d52e41f58d1ab897
-
Size
405KB
-
MD5
03a61476e69db16ba28b4b64a73ba6c4
-
SHA1
66ff7efef741225d22029cfccc565adf1390cfa5
-
SHA256
174e64a4a86b44191bee5ee4015aa4305f23dd01f54733e8d52e41f58d1ab897
-
SHA512
e3de599597ef2eef2b3de40ce8e9c20c9e90f63ed44e07a7c647bef477ad5d9e29231e3549c725acf679ca1e29b1dcebfd4b7812216b962d0d0a6e776a1fb773
-
SSDEEP
6144:OnPh+ZRHwNYdsfZF5YEwb8VknY6YrpEsHY0tuBAXbkZLZUBriKRkk3v:CPh+ZRQSs/56b8xNfltHLk0rvRkav
Score10/10-
Detect ZGRat V1
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-