General
Target: 1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9
Size: 430KB
Sample: 240403-x81w8aae4v
MD5: ececb8f9f32d92e8015c5c3d18890bcd
SHA1: 6a302a2f284fd1c44592509e34855a7d05da3bed
SHA256: 1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9
SHA512: 23acce11712cf7699d21da97d5169716e9818d2571aa0b8f4b8e542dd72932eaeaa4dd60b8432fa5a7bac46eeaab1551689cee6e6f5a46d7717c73b768d94baa
SSDEEP: 12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRn:6gJOf+RL5z74/5D0CyRn

Static task: static1
Behavioral task: behavioral1
Sample: 1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted: stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php

Targets
Target: 1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9
Size: 430KB
MD5: ececb8f9f32d92e8015c5c3d18890bcd
SHA1: 6a302a2f284fd1c44592509e34855a7d05da3bed
SHA256: 1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9
SHA512: 23acce11712cf7699d21da97d5169716e9818d2571aa0b8f4b8e542dd72932eaeaa4dd60b8432fa5a7bac46eeaab1551689cee6e6f5a46d7717c73b768d94baa
SSDEEP: 12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRn:6gJOf+RL5z74/5D0CyRn

Detect ZGRat V1
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.