General
Target: b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d
Size: 478KB
Sample: 240407-tqq3hsgg73
MD5: ea8b5767bda6719af15001c83b5c3451
SHA1: 733f4ec4df2fc53bd1ee30eb57bf73145787576d
SHA256: b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d
SHA512: 718eba8a6073d6e76be5af2bab8bc84be9299e1971af23c6a8a218aa1ae1a3996ff2f796e0594438ca62cb0ef0826f920d4c4a7c9d2863c72f6bee5a43fc7ccb
SSDEEP: 6144:7BSBKD7+zBBet1F68/0kyy6sQU9HwdrQH315DG67gqlcS3EO+eVf+oU:NS+qN58Iy6sQUhssfiQ3dEOhVflU
Static task: static1
Behavioral task: behavioral1
Sample: b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: b91f7e884934a65b0d6cf81b4a0808b9ed687db900138cec1fad8530cadc265d
Size: 478KB
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.