General
-
Target
tmp
-
Size
454KB
-
Sample
240407-y2xrnadg89
-
MD5
ff5102331f070d44be63a3446d9a583a
-
SHA1
5df265bdd7f9302ef089b5c03183f3c6ecf11a56
-
SHA256
c76e1dc0b8436bd1dfb05c050fb5fd7c890c031088b0698377e0a50c556f01d8
-
SHA512
4d25a03b35f745d6a3f512add819cfd312aa42598bac555cb781e8621ae01b4111d83a67f2c69ab6b3c640517d5ae533bb19de201561edb7cf12774bc7a2c00e
-
SSDEEP
12288:2iB9S1zi63i/LYjQogh7cz3EP4Fn4IWneiS6f:2irSI63iTYkogh4DlKrf
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
tmp
-
Size
454KB
-
MD5
ff5102331f070d44be63a3446d9a583a
-
SHA1
5df265bdd7f9302ef089b5c03183f3c6ecf11a56
-
SHA256
c76e1dc0b8436bd1dfb05c050fb5fd7c890c031088b0698377e0a50c556f01d8
-
SHA512
4d25a03b35f745d6a3f512add819cfd312aa42598bac555cb781e8621ae01b4111d83a67f2c69ab6b3c640517d5ae533bb19de201561edb7cf12774bc7a2c00e
-
SSDEEP
12288:2iB9S1zi63i/LYjQogh7cz3EP4Fn4IWneiS6f:2irSI63iTYkogh4DlKrf
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-