General
- Target: f860335bbad79b684c9b0f49a0b1f12bffd6fee18bbcc9bf39775c24f19ce6f5
- Size: 430KB
- Sample: 240403-x7yqgaad8w
- MD5: 1ac708b1ee362ca0967e056c19920ab8
- SHA1: 65aa9ac7849ffc03c27842dc4e23cf0c095f1e3b
- SHA256: f860335bbad79b684c9b0f49a0b1f12bffd6fee18bbcc9bf39775c24f19ce6f5
- SHA512: ab999eacacf4aeb05aa0bf5d53863008ba96fa0e072085f89a69ba33924a7a759ab752253c20d2dffe730bbad55586734b4ba5c7bb8bcb87c561ffeecbe26c4a
- SSDEEP: 12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRr:6gJOf+RL5z74/5D0CyRr

Static task: static1

Behavioral task: behavioral1
- Sample: f860335bbad79b684c9b0f49a0b1f12bffd6fee18bbcc9bf39775c24f19ce6f5.exe
- Resource: win10v2004-20240226-en

Malware Config
- Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: f860335bbad79b684c9b0f49a0b1f12bffd6fee18bbcc9bf39775c24f19ce6f5
- Size: 430KB
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.