stealc | fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd
Size

359KB
Sample

240404-ls4gmacd33
MD5

2d20cd64683222247ee607673dfba78c
SHA1

4fa462bf25da7a60e3d3db59e973d4b422e7cbb5
SHA256

fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd
SHA512

a7da43f69c0d3b8ffe1d03e8bec7bc014ecf8a35c098804dfefb92e4193ef17574f3d234eed6fb0ec37df8a8c713da101eefab6a53622a772321c02c523f2376
SSDEEP

6144:XnqaECNPTFkBgWFtBaNzFbwhkzp/LU++d0RIxgZk+mGMeja/K5+QEhIo:6a9NPTF8LFt6Jvzp/L2+Ixp1Gxj4KihN

Score

10^/10

stealc zgrat discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd.exe

Resource

win10v2004-20240226-en

stealc zgrat discovery rat spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd.exe

Resource

win11-20240221-en

stealc zgrat discovery rat spyware stealer

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd
- Size
  
  359KB
- MD5
  
  2d20cd64683222247ee607673dfba78c
- SHA1
  
  4fa462bf25da7a60e3d3db59e973d4b422e7cbb5
- SHA256
  
  fb0a2456478714c5117e6fea5cc9f4c8db4e58331f4562a1af5c0669fec667fd
- SHA512
  
  a7da43f69c0d3b8ffe1d03e8bec7bc014ecf8a35c098804dfefb92e4193ef17574f3d234eed6fb0ec37df8a8c713da101eefab6a53622a772321c02c523f2376
- SSDEEP
  
  6144:XnqaECNPTFkBgWFtBaNzFbwhkzp/LU++d0RIxgZk+mGMeja/K5+QEhIo:6a9NPTF8LFt6Jvzp/L2+Ixp1Gxj4KihN
Score

10^/10

stealc zgrat discovery rat spyware stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

stealczgratdiscoveryratspywarestealer

behavioral2

stealczgratdiscoveryratspywarestealer

© 2018-2024

Terms | Privacy