General
Target: 7cac5ef5e1dc729fdfb2610f2460a78d5ef2e2b9c9f39b8834ff96261732c6a0
Size: 342KB
Sample: 240406-g7gh7ace7v
MD5: f53ac4826333b609d7afbc6ad3293691
SHA1: 93667ae800729a5125ef6c44d039972a84bf39ae
SHA256: 7cac5ef5e1dc729fdfb2610f2460a78d5ef2e2b9c9f39b8834ff96261732c6a0
SHA512: 6c7a61ef3c13b5724820b0cfb8e7fd8336318692117b79578fec04ccde0d6a47cc9c23c93de2e6fa37af5da2c130304974e8867cd72288b4c59b7714805da029
SSDEEP: 6144:TnxvOxqTdkXAyVG2byslJyDPzM9TfBw/Mom9VcurkJbX:TxvOxqxkXAgd0zKTJw/MoY1mX
Static task: static1
Behavioral task: behavioral1
Sample: 7cac5ef5e1dc729fdfb2610f2460a78d5ef2e2b9c9f39b8834ff96261732c6a0.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 7cac5ef5e1dc729fdfb2610f2460a78d5ef2e2b9c9f39b8834ff96261732c6a0
Detect ZGRat V1
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.