General
- Target: a501f1acd2b34927e525b092a200738b785dd9cf721e1fd99c12f3a6250a44e0
- Size: 430KB
- Sample: 240403-pqb65sde58
- MD5: f79ff930af1230fde6604797143e2060
- SHA1: 7564054e6f164e7eebf41c412f763a6d34dce35e
- SHA256: a501f1acd2b34927e525b092a200738b785dd9cf721e1fd99c12f3a6250a44e0
- SHA512: 664b3084ad48a4252a1837cbac9937dbdd1c1581b6cc5240ecbf00824128f66b8c7913ce1aa2a34775b31360258f2aa84ec7c7d3375f4d4d7f39c3f5ddcf8e49
- SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5ZfxteV:9Z3GCzB1aq0Q8a5BPeV

Static task: static1

Behavioral task: behavioral1
- Sample: a501f1acd2b34927e525b092a200738b785dd9cf721e1fd99c12f3a6250a44e0.exe
- Resource: win10v2004-20231215-en

Malware Config
Extracted
- stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: a501f1acd2b34927e525b092a200738b785dd9cf721e1fd99c12f3a6250a44e0
- Size: 430KB
- MD5: f79ff930af1230fde6604797143e2060
- SHA1: 7564054e6f164e7eebf41c412f763a6d34dce35e
- SHA256: a501f1acd2b34927e525b092a200738b785dd9cf721e1fd99c12f3a6250a44e0
- SHA512: 664b3084ad48a4252a1837cbac9937dbdd1c1581b6cc5240ecbf00824128f66b8c7913ce1aa2a34775b31360258f2aa84ec7c7d3375f4d4d7f39c3f5ddcf8e49
- SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5ZfxteV:9Z3GCzB1aq0Q8a5BPeV
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.