General

  • Target

    b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d

  • Size

    478KB

  • Sample

    240407-tqq3hsgg73

  • MD5

    ea8b5767bda6719af15001c83b5c3451

  • SHA1

    733f4ec4df2fc53bd1ee30eb57bf73145787576d

  • SHA256

    b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d

  • SHA512

    718eba8a6073d6e76be5af2bab8bc84be9299e1971af23c6a8a218aa1ae1a3996ff2f796e0594438ca62cb0ef0826f920d4c4a7c9d2863c72f6bee5a43fc7ccb

  • SSDEEP

    6144:7BSBKD7+zBBet1F68/0kyy6sQU9HwdrQH315DG67gqlcS3EO+eVf+oU:NS+qN58Iy6sQUhssfiQ3dEOhVflU

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Targets

    • Target

      b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d

    • Size

      478KB

    • MD5

      ea8b5767bda6719af15001c83b5c3451

    • SHA1

      733f4ec4df2fc53bd1ee30eb57bf73145787576d

    • SHA256

      b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d

    • SHA512

      718eba8a6073d6e76be5af2bab8bc84be9299e1971af23c6a8a218aa1ae1a3996ff2f796e0594438ca62cb0ef0826f920d4c4a7c9d2863c72f6bee5a43fc7ccb

    • SSDEEP

      6144:7BSBKD7+zBBet1F68/0kyy6sQU9HwdrQH315DG67gqlcS3EO+eVf+oU:NS+qN58Iy6sQUhssfiQ3dEOhVflU

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks