General

  • Target

    1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9

  • Size

    430KB

  • Sample

    240403-x81w8aae4v

  • MD5

    ececb8f9f32d92e8015c5c3d18890bcd

  • SHA1

    6a302a2f284fd1c44592509e34855a7d05da3bed

  • SHA256

    1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9

  • SHA512

    23acce11712cf7699d21da97d5169716e9818d2571aa0b8f4b8e542dd72932eaeaa4dd60b8432fa5a7bac46eeaab1551689cee6e6f5a46d7717c73b768d94baa

  • SSDEEP

    12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRn:6gJOf+RL5z74/5D0CyRn

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9

    • Size

      430KB

    • MD5

      ececb8f9f32d92e8015c5c3d18890bcd

    • SHA1

      6a302a2f284fd1c44592509e34855a7d05da3bed

    • SHA256

      1c3dee97b16eeeb895707e1e13cf9616c362b40eddd978d2e1eb58e246c345d9

    • SHA512

      23acce11712cf7699d21da97d5169716e9818d2571aa0b8f4b8e542dd72932eaeaa4dd60b8432fa5a7bac46eeaab1551689cee6e6f5a46d7717c73b768d94baa

    • SSDEEP

      12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRn:6gJOf+RL5z74/5D0CyRn

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks