General

  • Target

    d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda

  • Size

    431KB

  • Sample

    240403-wczhvage77

  • MD5

    9b22c5e734f2414c7df25400f54602da

  • SHA1

    33bc4b33915b36086b3dc483c0ed870aa6cc4bb0

  • SHA256

    d732c2a2cfd312739591e6353427644f10dd3dd222067cb478826c6d94612dda

  • SHA512

    2cfbc6ac80014b15e508b072d0bc41a09ca63a9d65845b3b3a64cce445e9a3079229c95e1e6a6dd50c832642f7ae5627973ed47f77b93e3e33f31ed4d1428a9f

  • SSDEEP

    6144:x0VR/4Ys2QCqS2d5Des21BdwFyATs2gWzuoPvpHG48QOYra3x1BTMwcn:xMiYs2JqS2tFIkvw48QO6a3hMwcn

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks