stealc | 92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b
Size

438KB
Sample

240408-yv9gwadg8y
MD5

dcb197eee01d724eb2d384bc20a56835
SHA1

c71cf864b7294ba3b916a52301490c8a276ef019
SHA256

92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b
SHA512

332273bb95c3ca9181e9f8bbd29deabbd1239669a5e2c5848ea316f01753296d295890ebaa81be4631069eaeb200c838e3097a6309f17aeacdd1e7e1c4862ff8
SSDEEP

6144:OqGjek9bnH1xmXt/lk80aaE72OZjj8C+0jTCBDPduTPQ6sdVjQr5tvwv0:75yoXQ1aaE72ajjxjTC9P4TPCLjOtw0

Score

10^/10

stealc zgrat discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b.exe

Resource

win10v2004-20240226-en

stealc zgrat discovery rat spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b.exe

Resource

win11-20240221-en

stealc zgrat discovery rat spyware stealer

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes

url_path
/3cd2b41cbde8fc9c.php

Targets

- Target
  
  92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b
- Size
  
  438KB
- MD5
  
  dcb197eee01d724eb2d384bc20a56835
- SHA1
  
  c71cf864b7294ba3b916a52301490c8a276ef019
- SHA256
  
  92e7a9f7696f57e49ce8b75842db90bd6e827119e1864693b2c4d4b59e1ea16b
- SHA512
  
  332273bb95c3ca9181e9f8bbd29deabbd1239669a5e2c5848ea316f01753296d295890ebaa81be4631069eaeb200c838e3097a6309f17aeacdd1e7e1c4862ff8
- SSDEEP
  
  6144:OqGjek9bnH1xmXt/lk80aaE72OZjj8C+0jTCBDPduTPQ6sdVjQr5tvwv0:75yoXQ1aaE72ajjxjTC9P4TPCLjOtw0
Score

10^/10

stealc zgrat discovery rat spyware stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealczgratdiscoveryratspywarestealer

behavioral2

stealczgratdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy