General

  • Target

    0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252

  • Size

    428KB

  • Sample

    240403-lrmgqacb79

  • MD5

    e67ff9ca8817b687125e9f771fb5c3f7

  • SHA1

    5cb466183dfbd1c99cfa45638282a05ded2bb903

  • SHA256

    0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252

  • SHA512

    f8a68f95b4a2134d0fd65f28eab2c6828502c8d01a5e2da3862d932cec87ff9b8eac4e6311e247b63cc1198f8fc29327bbf67fff0d9f616ebe42a77bb92202f4

  • SSDEEP

    6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEF:u2+frVVhevql7/FPsHpdOPEF

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252

    • Size

      428KB

    • MD5

      e67ff9ca8817b687125e9f771fb5c3f7

    • SHA1

      5cb466183dfbd1c99cfa45638282a05ded2bb903

    • SHA256

      0b7fe668c9b76386e94f5ed5b40edc35215893d2e7caca284179fbaf2f37b252

    • SHA512

      f8a68f95b4a2134d0fd65f28eab2c6828502c8d01a5e2da3862d932cec87ff9b8eac4e6311e247b63cc1198f8fc29327bbf67fff0d9f616ebe42a77bb92202f4

    • SSDEEP

      6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEF:u2+frVVhevql7/FPsHpdOPEF

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks