General

- Target: 9ae1f0766880b9a94dc3459af9c992e169f34ac2e298230a45be01b3532bc002
- Size: 430KB
- Sample: 240403-l1p9zabh2s
- MD5: 64b1c3bf54f10035ec1306139a2a8fd4
- SHA1: b8a94cb6c5847eb910687d9dd10405b8afdedbb6
- SHA256: 9ae1f0766880b9a94dc3459af9c992e169f34ac2e298230a45be01b3532bc002
- SHA512: 88de2c59e0092f43136faaf7cebbd68d7713b96e550e8983369c7953310015d7009da9829a35c170c9d2028e35fc2f456f587125b89521a49c0f618bd5afe427
- SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEH:bRPnz1ukyzaqWgFwJymXvVvbkz/riEH

Static task: static1
Behavioral task: behavioral1
Sample: 9ae1f0766880b9a94dc3459af9c992e169f34ac2e298230a45be01b3532bc002.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets

- Target: 9ae1f0766880b9a94dc3459af9c992e169f34ac2e298230a45be01b3532bc002
- Size: 430KB
- MD5: 64b1c3bf54f10035ec1306139a2a8fd4
- SHA1: b8a94cb6c5847eb910687d9dd10405b8afdedbb6
- SHA256: 9ae1f0766880b9a94dc3459af9c992e169f34ac2e298230a45be01b3532bc002
- SHA512: 88de2c59e0092f43136faaf7cebbd68d7713b96e550e8983369c7953310015d7009da9829a35c170c9d2028e35fc2f456f587125b89521a49c0f618bd5afe427
- SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEH:bRPnz1ukyzaqWgFwJymXvVvbkz/riEH

- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.