General
-
Target
904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824
-
Size
439KB
-
Sample
240403-ygjdjaag7z
-
MD5
3f64eb87b22f96d5cd599ba464387fa7
-
SHA1
76cad8148aa998bdd5d49d716ca9acb33acd5567
-
SHA256
904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824
-
SHA512
c8c2aa507e58e013b9a8652d51fcc0743ebf6883e9789fd487db36194fc9b9c95c9610128cba31f5c7f5ab36cc0b794a239937670e907bc2e899f2eb66699bd9
-
SSDEEP
6144:7kbhtxmx6Ioq/kejYCq0PvVGDHnEQhpi0MoK6z5j692TyscOpxTlmb:7ohtxmx61SXD1ebz5G96Flmb
Static task
static1
Behavioral task
behavioral1
Sample
904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
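The C2 host and `url_path` above are the indicators a responder would take straight from this report into log review. The following is an added example (not part of the sandbox report or of the Stealc sample) that turns them into a small proxy-log matcher; the log format and every log line are constructed for illustration, and the match is on the exact host plus the exact gate path, with a weaker "same host, other path" bucket so that other panels on the same server are not silently dropped.

```python
"""Match the Stealc indicators extracted in this report against proxy log lines.

Added example. Indicator values are the ones the report lists; the log lines are
constructed for illustration and do not come from any real environment.
"""
import re
from urllib.parse import urlsplit

# Network indicators from the report's "Malware Config" block.
C2_HOST = "185.172.128.209"
C2_PATH = "/3cd2b41cbde8fc9c.php"

# File hashes from the report's "General" block, normalised to lower case.
KNOWN_HASHES = {
    "3f64eb87b22f96d5cd599ba464387fa7",                                  # MD5
    "76cad8148aa998bdd5d49d716ca9acb33acd5567",                          # SHA1
    "904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824",  # SHA256
}

# Constructed proxy log in a squid-like layout: timestamp client method url status.
SAMPLE_LOG = """\
1712102400.123 10.0.0.17 GET http://185.172.128.209/3cd2b41cbde8fc9c.php 200
1712102401.004 10.0.0.17 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
1712102402.511 10.0.0.22 GET http://example.com/index.php 200
1712102403.900 10.0.0.31 GET http://185.172.128.209/other.php 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def is_known_sample(digest):
    """True if a hex digest (any case) equals one of the report's file hashes."""
    return digest.strip().lower() in KNOWN_HASHES


def classify_url(url):
    """'c2' for an exact host+path hit, 'c2-host' for the same host with another path,
    None for anything else. Hostname comparison ignores an explicit port."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "c2-host"


def scan_proxy_log(text):
    """Return one dict per matching line with client, method, url and verdict."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        verdict = classify_url(m["url"])
        if verdict is not None:
            hits.append(
                {"client": m["client"], "method": m["method"],
                 "url": m["url"], "verdict": verdict}
            )
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the exact gate path keeps the rule tight; the `c2-host` bucket exists because a report like this one only shows the path this sample was configured with, and a second build pointed at the same server may use another one.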
Targets
-
Target
904080279a55ffc1a6215fda60215632b49c7b94c8184d8b0411fad0313e0824
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
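Two of the signatures above are registry lookups: the country-code read and the Uninstall-key enumeration. The following is an added example (not part of the sandbox report) that tags a Procmon-style registry trace with those two behaviours and then picks out processes that show both, since the country-code read on its own is also made by legitimate software. The trace lines are constructed, and the exact key for the country code is an assumption: the report only says "country code configured in the registry", and `HKCU\Control Panel\International\Geo\Nation` is the value Windows uses for the configured location. The Uninstall key is the one the report names.

```python
"""Tag registry reads in a Procmon-style CSV trace with the report's two registry signatures.

Added example. The trace below is constructed. Assumed key for the country code:
HKCU\\Control Panel\\International\\Geo\\Nation (the report does not name the key).
"""
import csv
import io
import re

# Country-code lookup (assumed key, see module docstring).
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Uninstall-key enumeration, as named in the report.
UNINSTALL_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE
)

READ_OPS = ("RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue")

# Constructed trace: sample.exe does both lookups, explorer.exe only the geo read.
SAMPLE_TRACE = r"""Time,Process,Operation,Path,Result
09:00:01.100,sample.exe,RegOpenKey,HKCU\Control Panel\International\Geo,SUCCESS
09:00:01.101,sample.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
09:00:02.300,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
09:00:02.301,sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
09:00:02.305,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName,SUCCESS
09:00:03.000,explorer.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
09:00:04.000,sample.exe,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,NAME NOT FOUND
"""


def tag_trace(trace_csv):
    """Return {process: {signature: [paths]}} for registry reads matching a signature."""
    findings = {}
    for row in csv.DictReader(io.StringIO(trace_csv)):
        if not row["Operation"].startswith(READ_OPS):
            continue
        path = row["Path"]
        if GEO_RE.search(path):
            sig = "checks_computer_location"
        elif UNINSTALL_RE.search(path):
            sig = "enumerates_installed_software"
        else:
            continue
        findings.setdefault(row["Process"], {}).setdefault(sig, []).append(path)
    return findings


def suspicious_processes(findings):
    """Processes that triggered both signatures, sorted by name.

    The geo read alone is noisy (shell and locale-aware software do it too);
    the combination with Uninstall enumeration is the pattern worth a look.
    """
    return sorted(
        proc for proc, sigs in findings.items()
        if {"checks_computer_location", "enumerates_installed_software"} <= set(sigs)
    )


if __name__ == "__main__":
    found = tag_trace(SAMPLE_TRACE)
    for proc, sigs in found.items():
        print(proc, {sig: len(paths) for sig, paths in sigs.items()})
    print("suspicious:", suspicious_processes(found))
```

The same two regexes can be dropped into whatever registry telemetry is available; the point of the second function is the caveat, not the matching: score the pair of behaviours per process rather than alerting on the country-code read by itself.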