General

  • Target

    4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e

  • Size

    428KB

  • Sample

    240403-lvpfgscc39

  • MD5

    9c4190d066500e4ef4c283f44c3f3e7a

  • SHA1

    9b4829174a9718039490ad3527a3b1ec483397fd

  • SHA256

    4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e

  • SHA512

    d7400712eb6df130fd4a83dab893d1cad948c47b42aea056a9070b7fcc021ecb723efc99b61067ce5ceb9bd616ced4e2d35098d4d414e949792119f769c7e173

  • SSDEEP

    6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEP:u2+frVVhevql7/FPsHpdOPEP

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e

    • Size

      428KB

    • MD5

      9c4190d066500e4ef4c283f44c3f3e7a

    • SHA1

      9b4829174a9718039490ad3527a3b1ec483397fd

    • SHA256

      4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e

    • SHA512

      d7400712eb6df130fd4a83dab893d1cad948c47b42aea056a9070b7fcc021ecb723efc99b61067ce5ceb9bd616ced4e2d35098d4d414e949792119f769c7e173

    • SSDEEP

      6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEP:u2+frVVhevql7/FPsHpdOPEP

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks