General

Target: SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe
Size: 359KB
Sample: 240404-qnc64agh8y
MD5: 902ac8e78936748f1c2a65eebe2a5bd7
SHA1: 2a1c8a1ddfce7b784b4f67ddf48445a5e3e6affe
SHA256: c5dbbac2c89a06d432aa237cc3af96f33e5848c9ffc3226ecf9a7fa5a5309463
SHA512: adc1fc0cc60804b44bf7b2e240c4faf34109c4893d78c81c8031325d0636a6b537a9af9bc6d93d93a1117b6be0f1ef2155e3fd965af4f5082803a8405eab0a6c
SSDEEP: 6144:XnqaECNPTFkBgWFtBaNzFbwhkzp/LU++d0RIxgZk+mGMeja/K5+QEhIv:6a9NPTF8LFt6Jvzp/L2+Ixp1Gxj4KihK

Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe
  Resource: win7-20240319-en
Malware Config

Extracted family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets

Target: SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
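The indicators above (the Stealc C2 host, its url_path, and the sample digests) are the part of this report a responder actually consumes. The following script is an added example, not part of the sandbox output: it turns those indicators into a small triage helper that classifies proxy-log URLs and checks candidate file bytes against the report's hashes. The log lines and the file bytes it runs on are constructed here, and the "bare IPv4 host plus /<16 hex>.php" heuristic is an assumption generalizing the one path the config extractor recovered, not something the report states about the family.

```python
"""IOC triage helper built from the Stealc report above.

Added example, not part of the sandbox output: the indicators are copied
from the report; the log lines and file bytes below are constructed here.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken verbatim from the report
C2_HOST = "185.172.128.209"
C2_URL_PATH = "/3cd2b41cbde8fc9c.php"
SAMPLE_HASHES = {
    "md5": "902ac8e78936748f1c2a65eebe2a5bd7",
    "sha1": "2a1c8a1ddfce7b784b4f67ddf48445a5e3e6affe",
    "sha256": "c5dbbac2c89a06d432aa237cc3af96f33e5848c9ffc3226ecf9a7fa5a5309463",
}

# Assumption (heuristic, not from the report): a bare-IPv4 host serving a
# "/<16 hex chars>.php" path is scored as a gate-like URL. It only generalizes
# the single path the config extractor found; tune it before using it to block.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify_url(url: str) -> str:
    """Return 'exact_c2', 'c2_host', 'gate_pattern' or 'clean' for one URL."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    path = parts.path or "/"
    if host == C2_HOST and path == C2_URL_PATH:
        return "exact_c2"
    if host == C2_HOST:
        return "c2_host"
    if IPV4_RE.match(host) and GATE_PATH_RE.match(path):
        return "gate_pattern"
    return "clean"


def scan_proxy_log(lines):
    """Return (line_number, verdict, url) for every line whose URL is not clean.

    Expects whitespace-separated fields with the URL as the fourth field; that
    is the layout of the constructed sample below, not a particular product's.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        verdict = classify_url(url)
        if verdict != "clean":
            hits.append((n, verdict, url))
    return hits


def hash_bytes(data: bytes) -> dict:
    """Compute the digest set the report lists (minus ssdeep) for a blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only if the strong digests agree with the report (MD5 alone is not enough)."""
    h = hash_bytes(data)
    return h["sha256"] == SAMPLE_HASHES["sha256"] and h["sha1"] == SAMPLE_HASHES["sha1"]


# Constructed proxy log (not captured from the sandbox run); fields:
# timestamp client method url status
SAMPLE_LOG = """\
2024-04-04T10:01:12Z 10.0.0.21 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
2024-04-04T10:01:13Z 10.0.0.21 GET http://185.172.128.209/ 404
2024-04-04T10:02:40Z 10.0.0.33 POST http://203.0.113.7/0123456789abcdef.php 200
2024-04-04T10:03:05Z 10.0.0.33 GET https://example.com/index.php 200
""".splitlines()


if __name__ == "__main__":
    for n, verdict, url in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {verdict:12s} {url}")
    print("empty blob matches sample:", matches_sample(b""))
```

The exact host/path match is the only verdict that is safe to alert on by itself; `c2_host` is worth a look because the IP is already known bad, while `gate_pattern` is a hunting lead that will need a second indicator before it is actioned.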