General
-
Target
0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092
-
Size
428KB
-
Sample
240403-lty9asbg3y
-
MD5
edb29c00dc0321414b41a5c84ca0dde2
-
SHA1
0db16d2c53980a869828b8bb83238f163b62234a
-
SHA256
0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092
-
SHA512
335f32a03f0bd4d8af73c51c6cb764eb47ded8205b4249fbcbfb314a2b2cf72efff07890ce99b5e3f81d9d6dd5875465a32316fa47a2c624a26fb2c9fba2d3da
-
SSDEEP
6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEH:u2+frVVhevql7/FPsHpdOPEH
Static task
static1
Behavioral task
behavioral1
Sample
0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092
-
Size
428KB
-
MD5
edb29c00dc0321414b41a5c84ca0dde2
-
SHA1
0db16d2c53980a869828b8bb83238f163b62234a
-
SHA256
0ef57d60d1938757f4240879f1558b0832426b34a9ccc28b561addaf2e605092
-
SHA512
335f32a03f0bd4d8af73c51c6cb764eb47ded8205b4249fbcbfb314a2b2cf72efff07890ce99b5e3f81d9d6dd5875465a32316fa47a2c624a26fb2c9fba2d3da
-
SSDEEP
6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEH:u2+frVVhevql7/FPsHpdOPEH
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-