General
- Target: 4b6587b1bf6e814096a570234ca0a2d7984c87ea42766f22fef3ce83ddd23414
- Size: 430KB
- Sample: 240403-l2ybzacd27
- MD5: 92b751e83820ce172f8743ea7e54c768
- SHA1: 7c263ece800fb370b117a13e8de936f535f03ed4
- SHA256: 4b6587b1bf6e814096a570234ca0a2d7984c87ea42766f22fef3ce83ddd23414
- SHA512: 343bf377086d5b0fa7c046684574e69e126a30d133f6e44159e9189f405933b375edc32ea3c87ad335f93e929ec8ba5f2609ea233c56bd98dae388b6f12510aa
- SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEF:bRPnz1ukyzaqWgFwJymXvVvbkz/riEF
Static task: static1
Behavioral task: behavioral1
- Sample: 4b6587b1bf6e814096a570234ca0a2d7984c87ea42766f22fef3ce83ddd23414.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 4b6587b1bf6e814096a570234ca0a2d7984c87ea42766f22fef3ce83ddd23414
- Size: 430KB
- MD5: 92b751e83820ce172f8743ea7e54c768
- SHA1: 7c263ece800fb370b117a13e8de936f535f03ed4
- SHA256: 4b6587b1bf6e814096a570234ca0a2d7984c87ea42766f22fef3ce83ddd23414
- SHA512: 343bf377086d5b0fa7c046684574e69e126a30d133f6e44159e9189f405933b375edc32ea3c87ad335f93e929ec8ba5f2609ea233c56bd98dae388b6f12510aa
- SSDEEP: 6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEF:bRPnz1ukyzaqWgFwJymXvVvbkz/riEF
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.