General
Target: 1f80c4ace32b220a984e4c0a9c13bcb8d27c626ee02aae8fee43ae08000ccd7f
Size: 478KB
Sample: 240407-2kfzcsgg79
MD5: c9d7ad34182bec8a916ccd995023908e
SHA1: 66aed5279d831f2e961b44d35a7040e1d5bae323
SHA256: 1f80c4ace32b220a984e4c0a9c13bcb8d27c626ee02aae8fee43ae08000ccd7f
SHA512: 5be220f585e6078ac4563a96dd02b74d25380e0d82cae5ddd915966993711aecfc135cf93b66f8d7a13f54eda5f2d5503f453bbc19f63a1eac63cf9ed4ff01b2
SSDEEP: 12288:gOP8W4WCijCGpPVr7/Is7Yp/4UIAR2eCbVfuX:gOyW5jnFYi3JhfuX
Static task: static1
Behavioral task: behavioral1
Sample: 1f80c4ace32b220a984e4c0a9c13bcb8d27c626ee02aae8fee43ae08000ccd7f.exe
Resource: win10v2004-20240319-en
Malware Config
Extracted: stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 1f80c4ace32b220a984e4c0a9c13bcb8d27c626ee02aae8fee43ae08000ccd7f
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.