General
- Target: 273e8547633b8547ad78c5dadfa19ac616a777bac6a2cd0b3c5ab77e0d8b58b3
- Size: 430KB
- Sample: 240403-yddnwaba78
- MD5: 8b0c67c847ec84149ee12117a45779a7
- SHA1: e001118202e951ffadaf1e88e96267dc025c5b05
- SHA256: 273e8547633b8547ad78c5dadfa19ac616a777bac6a2cd0b3c5ab77e0d8b58b3
- SHA512: c33226bb339f81db5f6fd61bff0696927513fb17bf03627d46e35863584a15abcb93a12c82a575359ffd30b36841bf4cffe82a21257a444d0938154bd09dc94f
- SSDEEP: 12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRu:6gJOf+RL5z74/5D0CyRu
- Static task: static1
- Behavioral task: behavioral1
- Sample: 273e8547633b8547ad78c5dadfa19ac616a777bac6a2cd0b3c5ab77e0d8b58b3.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 273e8547633b8547ad78c5dadfa19ac616a777bac6a2cd0b3c5ab77e0d8b58b3
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.