General
Target: 4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e
Size: 428KB
Sample: 240403-lvpfgscc39
MD5: 9c4190d066500e4ef4c283f44c3f3e7a
SHA1: 9b4829174a9718039490ad3527a3b1ec483397fd
SHA256: 4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e
SHA512: d7400712eb6df130fd4a83dab893d1cad948c47b42aea056a9070b7fcc021ecb723efc99b61067ce5ceb9bd616ced4e2d35098d4d414e949792119f769c7e173
SSDEEP: 6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEP:u2+frVVhevql7/FPsHpdOPEP
Static task: static1
Behavioral task: behavioral1
Sample: 4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
URL: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e
Size: 428KB
MD5: 9c4190d066500e4ef4c283f44c3f3e7a
SHA1: 9b4829174a9718039490ad3527a3b1ec483397fd
SHA256: 4a7702109617d79d6f6fbf417a724fbfef11a536e2745cf49ffbdf3f76ae248e
SHA512: d7400712eb6df130fd4a83dab893d1cad948c47b42aea056a9070b7fcc021ecb723efc99b61067ce5ceb9bd616ced4e2d35098d4d414e949792119f769c7e173
SSDEEP: 6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEP:u2+frVVhevql7/FPsHpdOPEP
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.