General
Target: b54eac824baa26b8c0bf40e9dd0ebf0f92e546a9845b7cc462c5f9ba3ddcea08
Size: 430KB
Sample: 240403-ppv8madb2w
MD5: 4c8bd14a837cba31f8687cff42259fa7
SHA1: 029dc10bc7e485c13053cf375df7bdaad65b6149
SHA256: b54eac824baa26b8c0bf40e9dd0ebf0f92e546a9845b7cc462c5f9ba3ddcea08
SHA512: 6bb08d475a962d9d174383f25d54bbe3827d9eda42802adcc7dbe355da6b4464d8d96e004ef516f9b7f76083b50c4bef5b0adcc707f4df8ff37f66b7862735f6
SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5Zfxteb:9Z3GCzB1aq0Q8a5BPeb
Static task: static1
Behavioral task: behavioral1
Sample: b54eac824baa26b8c0bf40e9dd0ebf0f92e546a9845b7cc462c5f9ba3ddcea08.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: b54eac824baa26b8c0bf40e9dd0ebf0f92e546a9845b7cc462c5f9ba3ddcea08 (430KB; hashes as listed under General)
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.