General
Target: 7eace7f41cb0220dbc24cdb74def1306d517493bf9778307537e3b154158bfd2
Size: 430KB
Sample: 240403-psg56sdb6v
MD5: 1b8009cf19c1bd7d2fc5f065f2057253
SHA1: fcf78bad7bc041bee0d2e5db268c177abb88960e
SHA256: 7eace7f41cb0220dbc24cdb74def1306d517493bf9778307537e3b154158bfd2
SHA512: dcbf029b412d6aabfdea2f1e104fc16628fbdccf775fc1fc4914469c33d746be393967b7d03f31a1f5c8b12c21e62b4441d242debe08d8f1bf79c25d4218ef5b
SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5ZfxteX:9Z3GCzB1aq0Q8a5BPeX

Static task: static1
Behavioral task: behavioral1
Sample: 7eace7f41cb0220dbc24cdb74def1306d517493bf9778307537e3b154158bfd2.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php

Targets
Target: 7eace7f41cb0220dbc24cdb74def1306d517493bf9778307537e3b154158bfd2
Size: 430KB
MD5: 1b8009cf19c1bd7d2fc5f065f2057253
SHA1: fcf78bad7bc041bee0d2e5db268c177abb88960e
SHA256: 7eace7f41cb0220dbc24cdb74def1306d517493bf9778307537e3b154158bfd2
SHA512: dcbf029b412d6aabfdea2f1e104fc16628fbdccf775fc1fc4914469c33d746be393967b7d03f31a1f5c8b12c21e62b4441d242debe08d8f1bf79c25d4218ef5b
SSDEEP: 12288:9RZOzGbjLt3GCzB1CNFq0Q2rPxa5ZfxteX:9Z3GCzB1aq0Q8a5BPeX

Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.