General

  • Target

    81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83.zip

  • Size

    301KB

  • Sample

    240403-xpbszsac32

  • MD5

    d2c7fae6e2178683d6cf3d04d7f928c9

  • SHA1

    37e83662216cac7ce558e69497036f4d28bf06e7

  • SHA256

    ec76a2e025ad777f578b6af35c134739ca0eab8faddd1b2861724b52168367f5

  • SHA512

    d7e071ba76660c15fd4d91eccbdd70aa6038662bc9918e412c414427bd471eea9d93d4e9837ad9dba6d223aad2c508920850e1acb8b8805188c1970233b95fb9

  • SSDEEP

    6144:ANokvGBv3/2iendiKyxcp+mjKZwKxv0HByCxKY8:y09+tdXyciZwavsyq8

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83.exe

    • Size

      410KB

    • MD5

      1c9f7a7f37ed9143b8cbefe285b96419

    • SHA1

      8b5d5d4c508106c9958fb33116e8b4eac9e4df8a

    • SHA256

      81b64ff8f989f5a498e306b5f6f08e92b1d2d0a3c4bfc73b464f257783152c83

    • SHA512

      2f9372b254807e5798a2638dac2449f24eaae313cadc4db4ccf151ccba18a07b47d2320b7681d35dfe36d66ad548b270849823658b19620929055fe6eed85ce8

    • SSDEEP

      6144:6vZFT3XcbbLvNeULGRvdEvUkiHDdBonjSdwn6O9F2AiX:6vZFT3MvLH+GUB4jQwn6wF25X

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks