General

  • Target

    5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998

  • Size

    428KB

  • Sample

    240403-lws53acc52

  • MD5

    49ba0ec9283bbb38853795dc7439f03a

  • SHA1

    702392dd1220abca61c1d8b81d7c1b0ccb830521

  • SHA256

    5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998

  • SHA512

    996fc182ea62e03e08ef70987904ecb6aac49d8a1dbc44c571b5d15bca3aa4a0f123a999aac6a21299511ef559f695c3600e51b27f588d76c38658b0cdd96d5d

  • SSDEEP

    6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEO:u2+frVVhevql7/FPsHpdOPEO

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php
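
The extracted config above gives two values worth operationalising: the C2 host and the gate path (url_path). The script below is an added example, not part of this report or the Stealc family's own code; it turns those two values into a proxy-log match that survives the usual variations (explicit default port, query string, a request to the host without the gate path). Only C2_HOST and C2_PATH come from the report; the log lines and their layout are constructed.

```python
"""Match the Stealc C2 from this report against proxy-log lines.

Added example, not part of the sandbox report.  Only C2_HOST and C2_PATH
come from the extracted config; the log lines are constructed.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

C2_HOST = "185.172.128.209"          # from the report's C2 field
C2_PATH = "/3cd2b41cbde8fc9c.php"    # from the report's url_path attribute

# Simplified Squid-style access.log lines, constructed for this example:
# timestamp client method url
LOG = """\
1712140000.123 192.168.10.21 POST http://185.172.128.209/3cd2b41cbde8fc9c.php
1712140001.456 192.168.10.21 POST http://185.172.128.209:80/3cd2b41cbde8fc9c.php?id=1
1712140002.789 192.168.10.33 GET http://185.172.128.209/
1712140003.001 192.168.10.40 GET http://example.com/3cd2b41cbde8fc9c.php
"""


def normalise(url: str) -> Tuple[str, str]:
    """Split a URL into (host, path): host lower-cased and without the
    default port, path without query or fragment.  The path keeps its case
    because the gate is a file on the C2 and its name may be case-sensitive."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


def classify(url: str) -> Optional[str]:
    """Return 'c2_gate' for an exact host+path hit, 'c2_host' for any other
    request to the C2 address, None otherwise.  A host-only hit is still
    worth surfacing: the path is a per-sample config attribute and can
    differ between builds while the server stays the same."""
    host, path = normalise(url)
    if host != C2_HOST:
        return None
    return "c2_gate" if path == C2_PATH else "c2_host"


LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST|CONNECT)\s+(\S+)")


def scan(lines) -> List[Tuple[str, str, str]]:
    """Return (client, verdict, url) for every line that touches the C2."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        _, client, _, url = m.groups()
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict, url))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan(LOG.splitlines()):
        print(f"{verdict:8} {client:15} {url}")
```

Run as-is it reports two gate hits from the first client and a host-only hit from the second; the example.com line is ignored even though its path is identical, because the host is the indicator that anchors the match.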

Targets

    • Target

      5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998

    • Size

      428KB

    • MD5

      49ba0ec9283bbb38853795dc7439f03a

    • SHA1

      702392dd1220abca61c1d8b81d7c1b0ccb830521

    • SHA256

      5c19f6341cb3d3db3eaaff37ee65f701cfb923cea515bb08baee82d851530998

    • SHA512

      996fc182ea62e03e08ef70987904ecb6aac49d8a1dbc44c571b5d15bca3aa4a0f123a999aac6a21299511ef559f695c3600e51b27f588d76c38658b0cdd96d5d

    • SSDEEP

      6144:u2gMYfrVIRqhFcje+qC47pNs6G6u2PcHpzGeAQ9BTOPEO:u2+frVVhevql7/FPsHpdOPEO

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
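
The signature list above describes each behaviour in one line. The script below is an added example, not part of this report or the sandbox that produced it, showing how those behaviours can be matched against a process trace so the same verdicts can be reproduced from your own EDR or sandbox output. The trace is constructed, and the specific registry keys and file names each rule looks for (the Geo\Nation value, the Uninstall key, FileZilla's sitemanager.xml and recentservers.xml, Chromium's Login Data, Firefox's logins.json and key4.db, common wallet paths) are my assumptions about what lies behind the report's descriptions; the report itself names only the signatures.

```python
"""Map a sandbox-style behaviour trace onto the signatures in this report.

Added example, not part of the sandbox report.  The event trace is
constructed, and the registry keys and file names each rule looks for are
assumptions about what lies behind the report's one-line descriptions.
"""
import re
from typing import Dict, Iterable, List, Mapping, Set

Event = Mapping[str, str]   # {"op": ..., "target": ...}

# (signature name from the report, operations it applies to, target pattern)
RULES = [
    ("Checks computer location settings", {"reg_query"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"reg_enum"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Reads data files stored by FTP clients", {"file_read"},
     re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("Reads user/profile data of web browsers", {"file_read"},
     re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", {"file_read"},
     re.compile(r"\\(wallet\.dat$|Electrum\\wallets\\|Exodus\\exodus\.wallet\\)", re.I)),
]


def evaluate(events: Iterable[Event]) -> Dict[str, List[str]]:
    """Return {signature: [evidence targets]} for every signature the trace
    satisfies.  Single-event rules come from RULES; the two 'dropped'
    signatures need correlation: a PE image written by the process and
    only afterwards executed or loaded."""
    hits: Dict[str, List[str]] = {}
    dropped: Set[str] = set()          # lower-cased paths of PE files written so far
    for ev in events:
        op, target = ev["op"], ev["target"]
        for name, ops, pattern in RULES:
            if op in ops and pattern.search(target):
                hits.setdefault(name, []).append(target)
        path = target.lower()
        if op == "file_write" and path.endswith((".exe", ".dll")):
            dropped.add(path)
        elif op == "process_create" and path in dropped:
            hits.setdefault("Executes dropped EXE", []).append(target)
        elif op == "image_load" and path in dropped:
            hits.setdefault("Loads dropped DLL", []).append(target)
    return hits


# Constructed trace in the order a stealer typically emits it.
TRACE = [
    {"op": "reg_query", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_enum", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "file_read", "target": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"op": "file_read", "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "file_read", "target": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "file_read", "target": r"C:\Windows\System32\kernel32.dll"},   # benign noise
    {"op": "file_write", "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"op": "process_create", "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
]

if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"[{name}]")
        for t in evidence:
            print("   ", t)
```

The write-then-execute ordering matters: a process that starts an executable and only later writes a file of the same name is not the "drop and run" pattern, so the correlation is done in one pass and only counts an execute or load that follows the write.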

MITRE ATT&CK Enterprise v15