General

  • Target

    0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092

  • Size

    428KB

  • Sample

    240403-lty9asbg3y

  • MD5

    edb29c00dc0321414b41a5c84ca0dde2

  • SHA1

    0db16d2c53980a869828b8bb83238f163b62234a

  • SHA256

    0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092

  • SHA512

    335f32a03f0bd4d8af73c51c6cb764eb47ded8205b4249fbcbfb314a2b2cf72efff07890ce99b5e3f81d9d6dd5875465a32316fa47a2c624a26fb2c9fba2d3da

  • SSDEEP

    6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEH:u2+frVVhevql7/FPsHpdOPEH

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15