General

  • Target

    904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824

  • Size

    439KB

  • Sample

    240403-ygjdjaag7z

  • MD5

    3f64eb87b22f96d5cd599ba464387fa7

  • SHA1

    76cad8148aa998bdd5d49d716ca9acb33acd5567

  • SHA256

    904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824

  • SHA512

    c8c2aa507e58e013b9a8652d51fcc0743ebf6883e9789fd487db36194fc9b9c95c9610128cba31f5c7f5ab36cc0b794a239937670e907bc2e899f2eb66699bd9

  • SSDEEP

    6144:7kbhtxmx6Ioq/kejYCq0PvVGDHnEQhpi0MoK6z5j692TyscOpxTlmb:7ohtxmx61SXD1ebz5G96Flmb

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks