General
-
Target
12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8
-
Size
462KB
-
Sample
240425-bafbzace22
-
MD5
752c19741396cdd6c4822fbb73778a21
-
SHA1
8bdd9b2d6c1f020e2c92f42b627fc17632b8e1f7
-
SHA256
12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8
-
SHA512
c44408a79a2fb37fb97c0bda357d6db7bb39c177f726fd88efdd372b015a6edf1228a0c87723a521cd0bb2152153629933aab5506bfd200566f7b859fd4948da
-
SSDEEP
12288:mcFCjqV5Rnj9hK4DSxl/dJq2J+9Dsvg3oHmslnI1:mcFJ5yXVJqywImse1
Static task
static1
Behavioral task
behavioral1
Sample
12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.76
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
Target
12ff2c609d32ddaeab23d2ddefea06f2382c73daa8e7bb44553771651a52aec8
-
Detect ZGRat V1
-
Detects Arechclient2 RAT
Arechclient2.
-
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-