stealc | 9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521
Size

412KB
Sample

240418-p9qhwaeh8y
MD5

0897f8698557905b5b54c894ebca85d2
SHA1

3313116f4ba3ca5dd041fcd6ce85904ae6cf05ee
SHA256

9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521
SHA512

01754a05532206551124f3261dcbfd973d16b13e38bb134d12c2a32fa6a5e96b77ee0c1e88b35599a51e60a27edde34ad7f52c35307a865068ec896b0fb9827e
SSDEEP

6144:AGlcL+o09CVHclUl3t/1aXwTY9nWK7gjnoF3ovTw4Ce7B/9ryFV:AGlcqoCCtclDXwTY9nSo1oLCe9BoV

Score

10^/10

stealc zgrat rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521.exe

Resource

win10v2004-20240412-en

stealc zgrat rat stealer

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521.exe

Resource

win11-20240412-en

stealc zgrat rat stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521
- Size
  
  412KB
- MD5
  
  0897f8698557905b5b54c894ebca85d2
- SHA1
  
  3313116f4ba3ca5dd041fcd6ce85904ae6cf05ee
- SHA256
  
  9994d8f1944becbe2d7d359d30149bbe3241a9f15eed6c9572746fad4f524521
- SHA512
  
  01754a05532206551124f3261dcbfd973d16b13e38bb134d12c2a32fa6a5e96b77ee0c1e88b35599a51e60a27edde34ad7f52c35307a865068ec896b0fb9827e
- SSDEEP
  
  6144:AGlcL+o09CVHclUl3t/1aXwTY9nWK7gjnoF3ovTw4Ce7B/9ryFV:AGlcqoCCtclDXwTY9nSo1oLCe9BoV
Score

10^/10

stealc zgrat rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealczgratratstealer

behavioral2

stealczgratratstealer

© 2018-2025

Terms | Privacy