General

  • Target

    e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33

  • Size

    439KB

  • Sample

    240403-ylmxhsbd55

  • MD5

    5d225f4f16f2dbccd187e60bdfc38375

  • SHA1

    33bedea0f38ea5c95476b8425ad6e5a8db39e4c6

  • SHA256

    e1915143fdf110d852c0009cb40531a12755c2518be8733a7563fcbe8069dd33

  • SHA512

    5f18c04bb99a3272f99371ed4bed77904201538b5867b25413af8041549c446d2daf58abb0ee9a62ce4d56a974485a4a7b7b2cb983c084bb11b0b540b1f71e06

  • SSDEEP

    6144:7kbhtxmx6Ioq/kejYCq0PvVGDHnEQhpi0MoK6z5j692TyscOpxTlmf:7ohtxmx61SXD1ebz5G96Flmf

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks