stealc | cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9
Size

425KB
Sample

240422-3b8hpahf7t
MD5

03f91cfb52d95a096ad2b211e49f9e76
SHA1

5f5680e1bfaa6b806c3be68536c7fd2c6089ca66
SHA256

cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9
SHA512

c5a8a3608b559574878ed96379010a35d695846ab24317d6938be70a4c1aa6aeb5505f27949e2ee64b6b5c95c829f18120c536cf9e3536a37dc49096cf668c20
SSDEEP

6144:Q5aN2Vntc5AZgFculbmTyNdviCkR0ybsQM4PJirrxGP1dY1Bu/fK:caNyqZKre/iL0ywQLBirrQNP/fK

Score

10^/10

stealc zgrat rat stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9.exe

Resource

win10v2004-20240412-en

stealc zgrat rat stealer

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9.exe

Resource

win11-20240412-en

stealc zgrat rat stealer

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9
- Size
  
  425KB
- MD5
  
  03f91cfb52d95a096ad2b211e49f9e76
- SHA1
  
  5f5680e1bfaa6b806c3be68536c7fd2c6089ca66
- SHA256
  
  cf51137fd01fbda379208b0f344dfebb6832454c69596b8fd39846fd833f04a9
- SHA512
  
  c5a8a3608b559574878ed96379010a35d695846ab24317d6938be70a4c1aa6aeb5505f27949e2ee64b6b5c95c829f18120c536cf9e3536a37dc49096cf668c20
- SSDEEP
  
  6144:Q5aN2Vntc5AZgFculbmTyNdviCkR0ybsQM4PJirrxGP1dY1Bu/fK:caNyqZKre/iL0ywQLBirrQNP/fK
Score

10^/10

stealc zgrat rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealczgratratstealer

behavioral2

stealczgratratstealer

© 2018-2025

Terms | Privacy