General
- Target: 0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252
- Size: 428KB
- Sample: 240403-lrmgqacb79
- MD5: e67ff9ca8817b687125e9f771fb5c3f7
- SHA1: 5cb466183dfbd1c99cfa45638282a05ded2bb903
- SHA256: 0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252
- SHA512: f8a68f95b4a2134d0fd65f28eab2c6828502c8d01a5e2da3862d932cec87ff9b8eac4e6311e247b63cc1198f8fc29327bbf67fff0d9f616ebe42a77bb92202f4
- SSDEEP: 6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEF:u2+frVVhevql7/FPsHpdOPEF

Static task: static1
Behavioral task: behavioral1
- Sample: 0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252.exe
- Resource: win10v2004-20240226-en

Malware Config
Extracted
- stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php

Targets
- Target: 0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252
- Size: 428KB
- MD5: e67ff9ca8817b687125e9f771fb5c3f7
- SHA1: 5cb466183dfbd1c99cfa45638282a05ded2bb903
- SHA256: 0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252
- SHA512: f8a68f95b4a2134d0fd65f28eab2c6828502c8d01a5e2da3862d932cec87ff9b8eac4e6311e247b63cc1198f8fc29327bbf67fff0d9f616ebe42a77bb92202f4
- SSDEEP: 6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEF:u2+frVVhevql7/FPsHpdOPEF

- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.