General
Target: 6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6
Size: 430KB
Sample: 240403-pqq1asdb3w
MD5: 270b10327bb51775c607131da8ecd051
SHA1: bf5db0334ca780716fd45e3e61952c621e721485
SHA256: 6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6
SHA512: be7ebf226eb0a06a19bdada5693917bcff04ca1b7b62a2429e2aa21a1e273c87042ad2ee26571967d7251c9b542469c26946d9b6f3fc93f02ff2e52b57777d71
SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5Zfxtee:9Z3GCzB1aq0Q8a5BPee
Static task: static1
Behavioral task: behavioral1
Sample: 6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
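The extracted configuration gives two fields that combine into the stealer's gate URL, and the General section gives the file hashes. The Python below is an added example, not part of the sandbox report, showing how a responder might turn those indicators into a check over proxy logs and an EDR hash export. The log layout, the log lines and the hash list are constructed for the example; treating any other path on the same address as a lower-confidence "c2-host" hit (operators rotate gate paths) is an assumption, not something the report states.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the report above (stealc config and file hashes).
C2_HOST = "185.172.128.209"
C2_PATH = "/3cd2b41cbde8fc9c.php"
SAMPLE_HASHES = {
    "md5": "270b10327bb51775c607131da8ecd051",
    "sha1": "bf5db0334ca780716fd45e3e61952c621e721485",
    "sha256": "6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6",
}
_HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def c2_url(host=C2_HOST, path=C2_PATH, scheme="http"):
    """Join the two config fields into the gate URL the stealer would request."""
    return f"{scheme}://{host}{path}"


def classify_url(url):
    """Return 'c2' for the exact gate URL, 'c2-host' for any other request to
    the C2 address (assumption: gate paths get rotated), or None otherwise."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "c2-host"


# Assumed log layout (constructed for this example):
#   "<timestamp> <client> <method> <url> <status> <bytes>"
_LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def scan_proxy_log(lines):
    """Return (client, method, url, verdict) for every line that touches the C2."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; a real pipeline would count these
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["client"], m["method"], m["url"], verdict))
    return hits


def match_hash(value):
    """Look up a hash of any of the three reported algorithms, picking the
    algorithm by length and ignoring case. Returns the algorithm name on a
    match, else None."""
    v = value.strip().lower()
    algo = _HASH_ALGO_BY_LEN.get(len(v))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", v):
        return None
    return algo if SAMPLE_HASHES[algo] == v else None


# Constructed sample data (not from the report): proxy lines and an EDR hash export.
SAMPLE_LOG = [
    "2024-04-03T12:00:01Z 10.0.0.5 GET http://example.com/ 200 512",
    "2024-04-03T12:00:03Z 10.0.0.5 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200 1780",
    "2024-04-03T12:00:09Z 10.0.0.7 POST http://185.172.128.209/other.php 404 0",
    "garbage line that does not parse",
]
SAMPLE_EDR_HASHES = [
    "BF5DB0334CA780716FD45E3E61952C621E721485",  # sha1 of the sample, upper-cased as some tools export it
    "deadbeefdeadbeefdeadbeefdeadbeef",           # unrelated md5
]

if __name__ == "__main__":
    print("gate:", c2_url())
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("network hit:", hit)
    for h in SAMPLE_EDR_HASHES:
        print(h, "->", match_hash(h))
```

Run it directly to see the two network hits and the hash match. The exact gate match and the hash match are the high-confidence indicators; a host-only match deserves a lower severity because the address may be reassigned after the operator moves on.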
Targets
Target: 6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6
Size: 430KB
MD5: 270b10327bb51775c607131da8ecd051
SHA1: bf5db0334ca780716fd45e3e61952c621e721485
SHA256: 6784b35e8ba83cc0a81f76ada1c67928c2526d13ae5e3d6657a08c53124275f6
SHA512: be7ebf226eb0a06a19bdada5693917bcff04ca1b7b62a2429e2aa21a1e273c87042ad2ee26571967d7251c9b542469c26946d9b6f3fc93f02ff2e52b57777d71
SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5Zfxtee:9Z3GCzB1aq0Q8a5BPee
Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.