General
-
Target
5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998
-
Size
428KB
-
Sample
240403-lws53acc52
-
MD5
49ba0ec9283bbb38853795dc7439f03a
-
SHA1
702392dd1220abca61c1d8b81d7c1b0ccb830521
-
SHA256
5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998
-
SHA512
996fc182ea62e03e08ef70987904ecb6aac49d8a1dbc44c571b5d15bca3aa4a0f123a999aac6a21299511ef559f695c3600e51b27f588d76c38658b0cdd96d5d
-
SSDEEP
6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEO:u2+frVVhevql7/FPsHpdOPEO
Static task
static1
Behavioral task
behavioral1
Sample
5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998
-
Size
428KB
-
MD5
49ba0ec9283bbb38853795dc7439f03a
-
SHA1
702392dd1220abca61c1d8b81d7c1b0ccb830521
-
SHA256
5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998
-
SHA512
996fc182ea62e03e08ef70987904ecb6aac49d8a1dbc44c571b5d15bca3aa4a0f123a999aac6a21299511ef559f695c3600e51b27f588d76c38658b0cdd96d5d
-
SSDEEP
6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEO:u2+frVVhevql7/FPsHpdOPEO
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-