General
Target: 81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83.zip
Size: 301KB
Sample: 240403-xpbszsac32
MD5: d2c7fae6e2178683d6cf3d04d7f928c9
SHA1: 37e83662216cac7ce558e69497036f4d28bf06e7
SHA256: ec76a2e025ad777f578b6af35c134739ca0eab8faddd1b2861724b52168367f5
SHA512: d7e071ba76660c15fd4d91eccbdd70aa6038662bc9918e412c414427bd471eea9d93d4e9837ad9dba6d223aad2c508920850e1acb8b8805188c1970233b95fb9
SSDEEP: 6144:ANokvGBv3/2iendiKyxcp+mjKZwKxv0HByCxKY8:y09+tdXyciZwavsyq8
Static task: static1
Behavioral task: behavioral1
  Sample: 81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83.exe
  Resource: win7-20240221-en
Malware Config
Extracted: stealc
  http://185.172.128.209
  url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83.exe
Size: 410KB
MD5: 1c9f7a7f37ed9143b8cbefe285b96419
SHA1: 8b5d5d4c508106c9958fb33116e8b4eac9e4df8a
SHA256: 81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83
SHA512: 2f9372b254807e5798a2638dac2449f24eaae313cadc4db4ccf151ccba18a07b47d2320b7681d35dfe36d66ad548b270849823658b19620929055fe6eed85ce8
SSDEEP: 6144:6vZFT3XcbbLvNeULGRvdEvUkiHDdBonjSdwn6O9F2AiX:6vZFT3MvLH+GUB4jQwn6wF25X
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.