General
-
Target
e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33
-
Size
439KB
-
Sample
240403-ylmxhsbd55
-
MD5
5d225f4f16f2dbccd187e60bdfc38375
-
SHA1
33bedea0f38ea5c95476b8425ad6e5a8db39e4c6
-
SHA256
e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33
-
SHA512
5f18c04bb99a3272f99371ed4bed77904201538b5867b25413af8041549c446d2daf58abb0ee9a62ce4d56a974485a4a7b7b2cb983c084bb11b0b540b1f71e06
-
SSDEEP
6144:7kbhtxmx6Ioq/kejYCq0PvVGDHnEQhpi0MoK6z5j692TyscOpxTlmf:7ohtxmx61SXD1ebz5G96Flmf
Static task
static1
Behavioral task
behavioral1
Sample
e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Family
stealc
C2
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
Target
e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check before the payload runs.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
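The extracted Stealc config (C2 host plus url_path) and the two registry-based signatures above translate directly into detection logic. The script below is an added example, not part of the sandbox report and not the sample's own code: it matches constructed endpoint telemetry lines against the C2 values taken verbatim from the Malware Config section and against the registry locations usually behind a country-code lookup and an installed-software enumeration. The telemetry format and the registry paths (Control Panel\International\Geo and ...\CurrentVersion\Uninstall) are assumptions; the report does not name the keys the sample actually reads.

```python
"""
Added example (not from the report): match the extracted Stealc C2 config and
the reported registry behaviours against simple endpoint telemetry.

Assumptions, not taken from the report:
  - telemetry is "<timestamp> <event-type> <details>" text, constructed below;
  - the geofence and software-enumeration signatures correspond to the usual
    Windows registry locations named in the regexes; the sample's real keys
    are not listed on the page.
"""
import re
from urllib.parse import urlsplit

# Values copied verbatim from the report's "Malware Config" section.
C2_BASE = "http://185.172.128.209"
C2_URL_PATH = "/3cd2b41cbde8fc9c.php"
C2_HOST = urlsplit(C2_BASE).hostname

# Assumed registry paths behind the two behavioural signatures.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I
)

# Constructed telemetry: "<timestamp> <event-type> <details>".
SAMPLE_EVENTS = """\
2024-04-03T10:00:01Z REG_QUERY HKCU\\Control Panel\\International\\Geo\\Nation
2024-04-03T10:00:02Z REG_ENUM HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
2024-04-03T10:00:02Z REG_ENUM HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
2024-04-03T10:00:05Z HTTP POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
2024-04-03T10:00:07Z HTTP GET http://185.172.128.209/other.bin 200
2024-04-03T10:00:09Z HTTP GET http://example.com/index.html 200
2024-04-03T10:00:10Z REG_QUERY HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

EVENT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


def classify_http(url):
    """Label an HTTP request, or return None when it does not touch the C2."""
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    if parts.path == C2_URL_PATH:
        return "stealc-c2-gate"   # exact gate from the config: high confidence
    return "stealc-c2-host"       # same host, other path: worth a look


def classify_registry(path):
    """Label a registry access that matches one of the report's signatures."""
    if GEO_KEY_RE.search(path):
        return "geofence-country-lookup"
    if UNINSTALL_KEY_RE.search(path):
        return "installed-software-enum"
    return None


def scan(events_text):
    """Return (timestamp, label, details) for every telemetry line that matches."""
    findings = []
    for line in events_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ts, kind, details = m.groups()
        label = None
        if kind == "HTTP":
            fields = details.split()
            if len(fields) >= 2:
                label = classify_http(fields[1])
        elif kind.startswith("REG_"):
            label = classify_registry(details)
        if label:
            findings.append((ts, label, details))
    return findings


def summarize(findings):
    """Count findings per label so the overlap with the report's signatures is visible."""
    counts = {}
    for _, label, _ in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for ts, label, details in hits:
        print(f"{ts} {label:26} {details}")
    print(summarize(hits))
```

Host-only matches are reported separately from the exact gate hit because a stealer's C2 path can be rotated between builds while the hosting IP stays the same; on real telemetry the host-level rule is the one more likely to survive a config change.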