Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41f18edbe2ab7b4c47563d7e6d271911e9a2c4b11b97d03a63b7be0bb7bbf045

  • Size

    409KB

  • Sample

    240401-lj8pzsbb43

  • MD5

    5722a79e15aba6244e3fc37ff79626b3

  • SHA1

    e1e1811197f2eb586c35a8c808cae388d68cbc29

  • SHA256

    41f18edbe2ab7b4c47563d7e6d271911e9a2c4b11b97d03a63b7be0bb7bbf045

  • SHA512

    257f13184462992d8f00fc2cc47a590243cf040a50d48f52bd7362b33a0d102ec36f22f84bbdcbcc1460a3f4a5545acf0e3854266482dae09333d781c377efb4

  • SSDEEP

    6144:07SHUo6LpD726DEVLunVQ3MUkmIp7dnMEpA7sCmD0AiV:0eHUo6F/2iHVQ8UkmIpxMECmI5V

Score
10/10
buerstealczgratdiscoveryloaderratspywarestealer

Malware Config

Targets

    • Target

      41f18edbe2ab7b4c47563d7e6d271911e9a2c4b11b97d03a63b7be0bb7bbf045

    • Size

      409KB

    • MD5

      5722a79e15aba6244e3fc37ff79626b3

    • SHA1

      e1e1811197f2eb586c35a8c808cae388d68cbc29

    • SHA256

      41f18edbe2ab7b4c47563d7e6d271911e9a2c4b11b97d03a63b7be0bb7bbf045

    • SHA512

      257f13184462992d8f00fc2cc47a590243cf040a50d48f52bd7362b33a0d102ec36f22f84bbdcbcc1460a3f4a5545acf0e3854266482dae09333d781c377efb4

    • SSDEEP

      6144:07SHUo6LpD726DEVLunVQ3MUkmIp7dnMEpA7sCmD0AiV:0eHUo6F/2iHVQ8UkmIpxMECmI5V

    Score
    10/10
    buerstealczgratdiscoveryloaderratspywarestealer

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks