General
-
Target
8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1
-
Size
430KB
-
Sample
240403-l3dnysbh4t
-
MD5
b3959239e1f428e64b0c4e87732e77fe
-
SHA1
14ee7cca030a2bd297b6a9e484c4fed230034709
-
SHA256
8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1
-
SHA512
5ed4d4662a96a1c1371535c437e120ea5644449ea821c08f2309784d62358c5e10114f56c6142d159750879fa31a32dd3a3ba14214e4051e41e481099741e2ca
-
SSDEEP
6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEO:bRPnz1ukyzaqWgFwJymXvVvbkz/riEO
Static task
static1
Behavioral task
behavioral1
Sample
8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1
-
Size
430KB
-
MD5
b3959239e1f428e64b0c4e87732e77fe
-
SHA1
14ee7cca030a2bd297b6a9e484c4fed230034709
-
SHA256
8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1
-
SHA512
5ed4d4662a96a1c1371535c437e120ea5644449ea821c08f2309784d62358c5e10114f56c6142d159750879fa31a32dd3a3ba14214e4051e41e481099741e2ca
-
SSDEEP
6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEO:bRPnz1ukyzaqWgFwJymXvVvbkz/riEO
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-