General
Target: 6c64da10ffbc6c1bbf4ee8121b5d83613e25958d8b0a09c63b7093fb23ab4c84
Size: 430KB
Sample: 240403-l29p1acd32
MD5: 3d29696c9c5226d46c1621aba66e6878
SHA1: 1888cded2f24f5e6b3e2cef17ce79aaf5864b010
SHA256: 6c64da10ffbc6c1bbf4ee8121b5d83613e25958d8b0a09c63b7093fb23ab4c84
SHA512: e952a8df3efdca0c9b53e22bb18bd057b4848d9378d1d033ff61ead1ad4fae3b2adee7d28bf9166b05153fb9f797a77f8ae1cfef37f21b8c3bd89955ce14897e
SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEE:bRPnz1ukyzaqWgFwJymXvVvbkz/riEE
Static task: static1
Behavioral task: behavioral1
Sample: 6c64da10ffbc6c1bbf4ee8121b5d83613e25958d8b0a09c63b7093fb23ab4c84.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.