General
- Target: b851e0dbee4a0e26a38ec6e54c0ae716c9c1a6be78a84c053cbc1eda5030ef11
- Size: 430KB
- Sample: 240403-yf3qsabb83
- MD5: 9a964e2155d7fe6230c9cf5782f2ae76
- SHA1: 601f037bda64b91fc725a9fe2435d4fae59432f6
- SHA256: b851e0dbee4a0e26a38ec6e54c0ae716c9c1a6be78a84c053cbc1eda5030ef11
- SHA512: 269020e23cb885c872f0f7bca7e922399035f6fdd4fb68a9eae80911d2955486b8bfc868c6de3758463bf0eb57d0b5c90787c9eebf5a32d9fc38ce26491c9afb
- SSDEEP: 12288:6cngs+cvhCpAa+RRwKNpqoz74/5D0qokyRv:6gJOf+RL5z74/5D0CyRv
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: b851e0dbee4a0e26a38ec6e54c0ae716c9c1a6be78a84c053cbc1eda5030ef11.exe
- Resource: win10v2004-20240226-en

Malware Config (extracted)
- stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.