General
-
Target
12beb2655f1cc39c31fb53bc72670deef2f6311e0f5c2b22fbc85a4ad3cab306
-
Size
405KB
-
Sample
240425-18dcpsfh4y
-
MD5
33b1abd3cc664e77be3798f9648c2f1a
-
SHA1
ef0e1f6edf5127b9f936359881752c3a3cb1c2b7
-
SHA256
12beb2655f1cc39c31fb53bc72670deef2f6311e0f5c2b22fbc85a4ad3cab306
-
SHA512
f64087e9fa7fccf5dbdc94c826dc3f20b7242acec3e647c6b2bef7727136154ea2bbebdd5a14e717a1e85926a1fad4ad50623927a4a93e0a467ce4fff2940d49
-
SSDEEP
6144:6lvgNss1kOj6Ljn7bgDKzgH3SYfmwdG2mFdEL4tOJDsE:6lvgmaeH4KzgXxfFGDdELuOJDsE
Static task
static1
Behavioral task
behavioral1
Sample
12beb2655f1cc39c31fb53bc72670deef2f6311e0f5c2b22fbc85a4ad3cab306.exe
Resource
win7-20240220-en
Malware Config
Extracted
stealc
http://185.172.128.76
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
Detect ZGRat V1
-
Detects Arechclient2 RAT
Arechclient2.
-
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-