General

Target: d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda
Size: 431KB
Sample: 240403-wczhvage77
MD5: 9b22c5e734f2414c7df25400f54602da
SHA1: 33bc4b33915b36086b3dc483c0ed870aa6cc4bb0
SHA256: d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda
SHA512: 2cfbc6ac80014b15e508b072d0bc41a09ca63a9d65845b3b3a64cce445e9a3079229c95e1e6a6dd50c832642f7ae5627973ed47f77b93e3e33f31ed4d1428a9f
SSDEEP: 6144:x0VR/4Ys2QCqS2d5Des21BdwFyATs2gWzuoPvpHG48QOYra3x1BTMwcn:xMiYs2JqS2tFIkvw48QO6a3hMwcn
Static task: static1
Behavioral task: behavioral1
Sample: d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
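The extracted config and the sample hashes above, turned into matchers and run over constructed proxy-log lines and a constructed file inventory. This is an added example, not part of the sandbox report: only the C2 URL, the gate path and the hash values are taken from the report; the log line format, the internal client addresses, the 203.0.113.7 host and the file paths are assumptions made up for the demonstration.

```python
"""Hunt for the Stealc IOCs from the report in proxy logs and a file inventory.

Added example; the log format, client addresses, the 203.0.113.7 host and the
file paths are constructed for the demonstration and are not from the report.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# IOCs copied from the report.
C2_URL = "http://185.172.128.209"
C2_PATH = "/3cd2b41cbde8fc9c.php"
SAMPLE_HASHES = {
    "md5": "9b22c5e734f2414c7df25400f54602da",
    "sha1": "33bc4b33915b36086b3dc483c0ed870aa6cc4bb0",
    "sha256": "d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda",
}


def normalize_url(url: str) -> Tuple[str, str]:
    """Return (host, path) for a URL. The scheme and port are dropped so that
    'http://185.172.128.209:80/x', '185.172.128.209/x' and the config value
    all compare equal; an empty path is treated as '/'. The path keeps its
    case because the PHP gate path is case-sensitive on the server side."""
    if "://" not in url:
        url = "http://" + url          # bare host/path form seen in some logs
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


C2_HOST, _ = normalize_url(C2_URL)


def classify_url(url: str) -> Optional[str]:
    """Verdict for one requested URL against the extracted config:
    'c2-gate'   host and gate path both match (check-in / exfil to the panel)
    'c2-host'   C2 host with another path (the report notes the sample also
                downloads an MZ/PE file, so other paths on the host matter)
    'gate-path' gate path on a different host; a moved panel keeps the same
                build-specific path, so this is worth a look
    None        no match
    """
    host, path = normalize_url(url)
    host_hit, path_hit = host == C2_HOST, path == C2_PATH
    if host_hit and path_hit:
        return "c2-gate"
    if host_hit:
        return "c2-host"
    if path_hit:
        return "gate-path"
    return None


# Assumed log layout: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (client, method, url, verdict) for every matching line; lines
    that do not fit the layout are skipped rather than aborting the scan."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["src"], m["method"], m["url"], verdict))
    return hits


def scan_hashes(inventory: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """inventory maps path -> {algorithm: hexdigest}. Whatever algorithms the
    source exports are accepted, digests compare case-insensitively, and one
    matching algorithm per file is enough."""
    hits = []
    for path, digests in inventory.items():
        for algo, value in digests.items():
            known = SAMPLE_HASHES.get(algo.lower())
            if known and value.lower() == known:
                hits.append((path, algo.lower()))
                break
    return hits


# Constructed sample data (not from the report).
SAMPLE_LOG = [
    "2024-04-03T15:12:01Z 10.0.0.14 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200",
    "2024-04-03T15:12:03Z 10.0.0.14 GET http://185.172.128.209/download/1 200",
    "2024-04-03T15:13:40Z 10.0.0.22 POST http://203.0.113.7/3cd2b41cbde8fc9c.php 200",
    "2024-04-03T15:14:00Z 10.0.0.30 GET http://example.com/index.php 200",
    "garbage line that does not fit the layout",
    "2024-04-03T15:14:10Z 10.0.0.14 POST 185.172.128.209:80/3cd2b41cbde8fc9c.php 200",
]
SAMPLE_INVENTORY = {
    r"C:\Users\victim\Downloads\setup.exe": {"SHA256": SAMPLE_HASHES["sha256"].upper()},
    r"C:\Windows\System32\notepad.exe": {"sha256": "0" * 64},
    r"C:\Users\victim\AppData\Local\Temp\x.bin": {"md5": "9b22c5e734f2414c7df25400f54602da"},
}

if __name__ == "__main__":
    for src, method, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:10} {src} {method} {url}")
    for path, algo in scan_hashes(SAMPLE_INVENTORY):
        print(f"hash-match  {algo} {path}")
```

Matching on host only (not host plus port) is deliberate: the config carries no port, so a hunt should catch the same IP on any port, and 'c2-host' hits deserve attention even without the gate path because the report shows the sample fetching a PE file.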
Targets

Target: d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda
Size: 431KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.

Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.