General
- Target: fd8a03affa0471fc2998e8e232ed9289aeed232cbadcdd4d793b4be7d849b100
- Size: 430KB
- Sample: 240403-l1rsssbh2t
- MD5: 60e18f2441aaecfdc34d14554f6e0219
- SHA1: f810c5fd2fee6efa9f6aabfc8c2dd3de8cecd06d
- SHA256: fd8a03affa0471fc2998e8e232ed9289aeed232cbadcdd4d793b4be7d849b100
- SHA512: ea808790b7350bd81b6458997215165cb99249fb1a1603f418709b3ac14b4aa7af1827b564a403beafb41ccd0bd557daab1f5750655f8090718481d9ed7d9d2b
- SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEL:bRPnz1ukyzaqWgFwJymXvVvbkz/riEL
Static task: static1
Behavioral task: behavioral1
- Sample: fd8a03affa0471fc2998e8e232ed9289aeed232cbadcdd4d793b4be7d849b100.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.