General

  • Target

    8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1

  • Size

    430KB

  • Sample

    240403-l3dnysbh4t

  • MD5

    b3959239e1f428e64b0c4e87732e77fe

  • SHA1

    14ee7cca030a2bd297b6a9e484c4fed230034709

  • SHA256

    8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1

  • SHA512

    5ed4d4662a96a1c1371535c437e120ea5644449ea821c08f2309784d62358c5e10114f56c6142d159750879fa31a32dd3a3ba14214e4051e41e481099741e2ca

  • SSDEEP

    6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEO:bRPnz1ukyzaqWgFwJymXvVvbkz/riEO

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php
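The C2 host and the url_path attribute above combine into the full beacon URL. The following Python is an added example (not part of this report or of the sandbox's tooling): it builds that URL from the extracted values and hunts for it in proxy logs, separating a host+path match (high confidence) from a host-only match (other traffic to the same server) or a path-only match (the same script path on a different host, which can indicate a rotated C2). The log format is a constructed, assumed one; adapt the parser to your proxy's fields.

```python
"""Turn the extracted Stealc config into network IOCs and hunt for them.

Example code added to this report, not sandbox output. Log lines follow a
constructed format: 'ts client method url status'.
"""
from urllib.parse import urlsplit

# Values as extracted by the sandbox (see Malware Config above).
EXTRACTED_CONFIG = {
    "family": "stealc",
    "c2": "http://185.172.128.209",
    "url_path": "/3cd2b41cbde8fc9c.php",
}


def build_iocs(config):
    """Return the host, path and full URL to match on."""
    parts = urlsplit(config["c2"])
    host = parts.netloc.lower()
    path = config["url_path"]
    return {"host": host, "path": path, "url": f"{parts.scheme}://{host}{path}"}


def parse_proxy_line(line):
    """Parse 'ts client method url status' (constructed format); None if malformed."""
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, client, method, url, status = fields
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def classify_request(url, iocs):
    """Verdict for one URL against the IOC set.

    'c2'   : host and path both match the extracted config
    'host' : only the C2 host matches (other path on the same server)
    'path' : only the url_path matches (possible rotated C2 host)
    None   : no match
    """
    parts = urlsplit(url)
    host_hit = parts.netloc.lower() == iocs["host"]
    path_hit = parts.path == iocs["path"]
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "host"
    if path_hit:
        return "path"
    return None


def hunt(log_lines, config=EXTRACTED_CONFIG):
    """Return [(client, url, verdict)] for every line that matches an IOC."""
    iocs = build_iocs(config)
    hits = []
    for line in log_lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        verdict = classify_request(rec["url"], iocs)
        if verdict:
            hits.append((rec["client"], rec["url"], verdict))
    return hits


# Constructed sample log: one true beacon, one other path on the C2 host,
# one matching path on an unrelated host, and benign traffic.
SAMPLE_LOG = [
    "2024-04-03T11:02:10Z 10.0.0.15 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200",
    "2024-04-03T11:02:12Z 10.0.0.15 GET http://185.172.128.209/update.bin 200",
    "2024-04-03T11:05:00Z 10.0.0.22 POST http://203.0.113.7/3cd2b41cbde8fc9c.php 200",
    "2024-04-03T11:06:30Z 10.0.0.22 GET https://www.example.com/index.php 200",
]

if __name__ == "__main__":
    for client, url, verdict in hunt(SAMPLE_LOG):
        print(f"{verdict:5s} {client} {url}")
```

A path-only hit is worth triaging on its own: the sixteen-hex-character `.php` name is specific enough that the same path on a new IP is a useful pivot even after the listed host goes dark.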

Targets

    • Target

      8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1

    • Size

      430KB

    • MD5

      b3959239e1f428e64b0c4e87732e77fe

    • SHA1

      14ee7cca030a2bd297b6a9e484c4fed230034709

    • SHA256

      8c06732ee3641ec76dee07a97da572d1d6d5e3e7ff92fc9add20695e8e8b62e1

    • SHA512

      5ed4d4662a96a1c1371535c437e120ea5644449ea821c08f2309784d62358c5e10114f56c6142d159750879fa31a32dd3a3ba14214e4051e41e481099741e2ca

    • SSDEEP

      6144:bRogLY4nz1fLCkyz7eqPugFfw3HpRcm0yvV4Z+FzA6hjwQS/HlBTiEO:bRPnz1ukyzaqWgFwJymXvVvbkz/riEO

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
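The behaviour signatures above are individually common (many installers read the Uninstall key), so what makes them useful is a single process doing several of them together. As an added example, not part of this report or of the sandbox's signature set, the following Python maps constructed host telemetry onto the behaviour names listed above and flags a process that accumulates several of them. The event shape, the registry/file patterns and the threshold are assumptions; tune them to your own telemetry.

```python
"""Map host telemetry onto the behaviour signatures listed in this report.

Example code added here, not sandbox output. Events are a constructed,
simplified form: (pid, kind, target) with kind 'reg' (registry read) or
'file' (file open). Patterns are assumed locations for each behaviour.
"""
import re

# Assumed indicators per behaviour, matched case-insensitively against the
# registry key or file path the process touched.
BEHAVIOUR_PATTERNS = {
    "Checks installed software on the system": [
        r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    ],
    "Checks computer location settings": [
        r"\\Control Panel\\International\\Geo\\Nation",
    ],
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\User Data\\[^\\]+\\Login Data$",    # Chromium-family saved logins
        r"\\Profiles\\[^\\]+\\logins\.json$",   # Firefox saved logins
        r"\\Profiles\\[^\\]+\\cookies\.sqlite$",
    ],
    "Accesses cryptocurrency files/wallets, possible credential harvesting": [
        r"\\Electrum\\wallets\\",
        r"\\Exodus\\exodus\.wallet\\",
        r"\\wallet\.dat$",
    ],
}

COMPILED = {
    name: [re.compile(p, re.IGNORECASE) for p in pats]
    for name, pats in BEHAVIOUR_PATTERNS.items()
}


def classify_event(target):
    """Return the set of behaviour names whose patterns match one target."""
    return {name for name, pats in COMPILED.items() if any(p.search(target) for p in pats)}


def profile_processes(events):
    """Aggregate behaviours per pid: {pid: sorted list of behaviour names}."""
    per_pid = {}
    for pid, _kind, target in events:
        hits = classify_event(target)
        if hits:
            per_pid.setdefault(pid, set()).update(hits)
    return {pid: sorted(b) for pid, b in per_pid.items()}


def looks_like_stealer(behaviours, minimum=3):
    """Assumed heuristic: one process that enumerates the host and also reads
    several credential stores is far more suspicious than any single access."""
    return len(behaviours) >= minimum


# Constructed sample telemetry: pid 4120 behaves like the sample in this
# report; pid 2208 is a benign tool that only reads the Uninstall key.
SAMPLE_EVENTS = [
    (4120, "reg", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (4120, "file", r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, "file", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "file", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"),
    (4120, "file", r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"),
    (2208, "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (2208, "file", r"C:\Users\alice\Documents\notes.txt"),
]

if __name__ == "__main__":
    for pid, behaviours in profile_processes(SAMPLE_EVENTS).items():
        flag = "SUSPECT" if looks_like_stealer(behaviours) else "ok"
        print(pid, flag, behaviours)
```

Aggregating per process rather than alerting per event is the point: the Uninstall-key read alone would fire on every package manager, while the combination of geolocation check plus FTP, browser and wallet stores in one process is what the sandbox verdict above rests on.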

MITRE ATT&CK Enterprise v15

Tasks