General

Target: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
Size: 431KB
Sample: 240403-wcdw5sgb6z
MD5: 8a0d72023e83c8010871a178c5079e9c
SHA1: 557b36f91c7e91c5c51ededccc50b1d1826fc353
SHA256: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
SHA512: 8dbb730fa34e243c8d3c2547bc0a6dffe3cf7b3ee5819f7fd6742a8dd38f7a77ae28136cae6f127185cd8a1af3acd8066577b1d7eda7441b897e05d464aba3f4
SSDEEP: 6144:x0VR/4Ys2QCqS2d5Des21BdwFyATs2gWzuoPvpHG48QOYra3x1BTMwcu:xMiYs2JqS2tFIkvw48QO6a3hMwcu

Static task: static1
Behavioral task: behavioral1
Sample: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe
Resource: win10v2004-20240226-en

Malware Config

Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
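The hashes and the extracted Stealc C2 above are the actionable part of this report. The following script is an added example, not part of the sandbox output or of any vendor tooling: it parses the report's flattened "Key: value" lines (embedded below, copied from the fields above), checks that the hash fields are internally consistent, splits the ssdeep signature into its parts, and turns the C2 host and url_path into Suricata rules. The sid range (9000001 and up), the rule message text and the `startswith` anchoring are the author's choices, not something the report states.

```python
"""Turn a flattened sandbox report into checked IOCs and network detections.

Added example. REPORT is built from the report's own General and
Malware Config fields; the Suricata sid numbers are an assumption.
"""
import hashlib
import re
from urllib.parse import urlparse

# Constructed from the report's fields so the script runs offline.
REPORT = """\
Target: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
Size: 431KB
MD5: 8a0d72023e83c8010871a178c5079e9c
SHA1: 557b36f91c7e91c5c51ededccc50b1d1826fc353
SHA256: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
SHA512: 8dbb730fa34e243c8d3c2547bc0a6dffe3cf7b3ee5819f7fd6742a8dd38f7a77ae28136cae6f127185cd8a1af3acd8066577b1d7eda7441b897e05d464aba3f4
SSDEEP: 6144:x0VR/4Ys2QCqS2d5Des21BdwFyATs2gWzuoPvpHG48QOYra3x1BTMwcu:xMiYs2JqS2tFIkvw48QO6a3hMwcu
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Parse 'Key: value' lines into a dict; a repeated key must carry the same value."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key in fields and fields[key] != value:
            raise ValueError(f"conflicting values for {key}")
        fields[key] = value
    return fields


def validate_hashes(fields):
    """Return a list of problems: wrong-length/non-hex digests, or Target != SHA256."""
    problems = []
    for name, length in HASH_LEN.items():
        if name in fields and not re.fullmatch(rf"[0-9a-f]{{{length}}}", fields[name]):
            problems.append(name)
    if fields.get("Target") != fields.get("SHA256"):
        problems.append("Target/SHA256 mismatch")
    return problems


def parse_ssdeep(sig):
    """Split an ssdeep signature into (blocksize, chunk, double_chunk).

    ssdeep block sizes are 3 * 2**n, so anything else means a mangled signature.
    """
    blocksize, chunk, double = sig.split(":", 2)
    bs = int(blocksize)
    if bs % 3 or (bs // 3) & (bs // 3 - 1):
        raise ValueError(f"implausible ssdeep blocksize {bs}")
    return bs, chunk, double


def matches_sample(data, fields):
    """True if the given bytes are the reported sample (SHA256 comparison)."""
    return hashlib.sha256(data).hexdigest() == fields["SHA256"]


def suricata_rules(fields, base_sid=9000001):
    """Build two Suricata (5.0+ syntax) rules from the extracted C2.

    Rule 1 keys on the HTTP Host header plus the exact url_path; rule 2 is an
    IP-level fallback so non-HTTP traffic to the C2 still fires. Assumed sids.
    """
    host = urlparse(fields["C2"]).hostname
    path = fields["url_path"]
    family = fields["Family"]
    http_rule = (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"{family} C2 check-in to {host}"; flow:established,to_server; '
        f'http.host; content:"{host}"; '
        f'http.uri; content:"{path}"; startswith; '
        f"classtype:trojan-activity; sid:{base_sid}; rev:1;)"
    )
    ip_rule = (
        f"alert ip $HOME_NET any -> {host} any ("
        f'msg:"{family} C2 address contact"; '
        f"classtype:trojan-activity; sid:{base_sid + 1}; rev:1;)"
    )
    return [http_rule, ip_rule]


if __name__ == "__main__":
    f = parse_report(REPORT)
    print("hash problems:", validate_hashes(f) or "none")
    print("ssdeep blocksize:", parse_ssdeep(f["SSDEEP"])[0])
    print("\n".join(suricata_rules(f)))
```

The IP-only rule is deliberately noisy: a shared hosting address will alert on unrelated traffic, so treat it as a hunting rule and let the Host+URI rule carry the blocking decision.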

Targets

Target: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
Size: 431KB
MD5: 8a0d72023e83c8010871a178c5079e9c
SHA1: 557b36f91c7e91c5c51ededccc50b1d1826fc353
SHA256: 564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a
SHA512: 8dbb730fa34e243c8d3c2547bc0a6dffe3cf7b3ee5819f7fd6742a8dd38f7a77ae28136cae6f127185cd8a1af3acd8066577b1d7eda7441b897e05d464aba3f4
SSDEEP: 6144:x0VR/4Ys2QCqS2d5Des21BdwFyATs2gWzuoPvpHG48QOYra3x1BTMwcu:xMiYs2JqS2tFIkvw48QO6a3hMwcu

Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
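Two of the signatures above are pure registry reads (the country-code lookup and the Uninstall-key enumeration), which makes them easy to re-implement against host telemetry. The script below is an added example, not the sandbox's own signature logic. It assumes a registry-access feed that records reads (an ETW Kernel-Registry or EDR query event; Sysmon's registry events cover create, set and delete, not reads), flattened here to constructed "timestamp,pid,image,target" lines. Which keys the report's descriptions refer to is also an assumption: `HKCU\Control Panel\International\Geo\Nation` for the configured country code, and the per-product subkeys of `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` for installed software. The thresholds (five distinct product keys within ten seconds) are the author's.

```python
"""Re-implement the report's two registry-read signatures over access telemetry.

Added example. EVENTS is constructed; the key paths and thresholds are
assumptions, not values the sandbox report states.
"""
from collections import defaultdict
from datetime import datetime, timedelta

GEO_SUFFIX = r"\control panel\international\geo\nation"          # assumed geofence key
UNINSTALL = "\\microsoft\\windows\\currentversion\\uninstall\\"  # one subkey per product
UNINSTALL_MIN_SUBKEYS = 5            # distinct products read before calling it enumeration
UNINSTALL_WINDOW = timedelta(seconds=10)

# Constructed telemetry: pid 4120 is the sample, 2200 a benign shell read,
# 900 an installer touching a single product key.
EVENTS = r"""
2024-04-03T10:00:01,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKU\S-1-5-21-1\Control Panel\International\Geo\Nation
2024-04-03T10:00:02,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2024-04-03T10:00:02,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
2024-04-03T10:00:02,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
2024-04-03T10:00:03,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
2024-04-03T10:00:03,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
2024-04-03T10:00:03,4120,C:\Users\Admin\AppData\Local\Temp\564f651a7af241c21df1a4b0a432e0d974c5cb55e48cd7712e70b3122546ed2a.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0 (x64 en-US)
2024-04-03T10:01:00,2200,C:\Windows\explorer.exe,HKU\S-1-5-21-1\Control Panel\International\Geo\Nation
2024-04-03T10:05:00,900,C:\Windows\System32\msiexec.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
2024-04-03T10:05:00,900,C:\Windows\System32\msiexec.exe,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayVersion
"""

GEO_SIG = "Checks computer location settings"
UNINSTALL_SIG = "Checks installed software on the system"


def parse_events(text):
    """Parse 'ts,pid,image,target' lines into (datetime, pid, image, target) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, image, target = line.split(",", 3)
        events.append((datetime.fromisoformat(ts), int(pid), image, target))
    return events


def detect(events):
    """Map pid -> set of signature names, mirroring the two report signatures."""
    hits = defaultdict(set)
    uninstall_reads = defaultdict(list)        # pid -> [(ts, product subkey)]
    for ts, pid, _image, target in events:
        t = target.lower()
        if t.endswith(GEO_SUFFIX):
            hits[pid].add(GEO_SIG)
        idx = t.find(UNINSTALL)
        if idx != -1:
            subkey = t[idx + len(UNINSTALL):].split("\\", 1)[0]
            uninstall_reads[pid].append((ts, subkey))
    for pid, reads in uninstall_reads.items():
        reads.sort()
        # Sliding window: enough distinct product keys inside UNINSTALL_WINDOW
        # means the process is walking the whole list, not checking one product.
        for i, (t0, _) in enumerate(reads):
            window = {sub for t, sub in reads[i:] if t - t0 <= UNINSTALL_WINDOW}
            if len(window) >= UNINSTALL_MIN_SUBKEYS:
                hits[pid].add(UNINSTALL_SIG)
                break
    return dict(hits)


def high_confidence(hits, min_signatures=2):
    """Pids carrying at least min_signatures signatures, strongest first."""
    ranked = sorted(hits.items(), key=lambda kv: -len(kv[1]))
    return [pid for pid, sigs in ranked if len(sigs) >= min_signatures]


if __name__ == "__main__":
    found = detect(parse_events(EVENTS))
    for pid, sigs in found.items():
        print(pid, sorted(sigs))
    print("escalate:", high_confidence(found))
```

A lone Geo\Nation read is weak evidence on its own, since Windows components read it routinely (the explorer.exe line above fires the same signature); escalation should wait for a second behaviour from the same process, which is what `high_confidence` encodes.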