General
- Target: 4c260c37ff0426ee70b74a8eced50bbf526be0ecb1789ef9bbcc1db1b9df94b4
- Size: 396KB
- Sample: 240425-y6agxseb8w
- MD5: a7d85b87c4e80d382f0c5b152c58b54c
- SHA1: d2bd90a39aec985deda625923bf703761a2b4c79
- SHA256: 4c260c37ff0426ee70b74a8eced50bbf526be0ecb1789ef9bbcc1db1b9df94b4
- SHA512: dfbf3a7e02a7e4fde1539a02bc5411f5b60ffaae9dbedb4b1f18e0aa9cb037528f1f5d8d28d89c5d5908dab47dae4382df1da5d3514f607c321e78b1530b8f9f
- SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d6:sUyaySdnLXvoTmWol4b1j46
Static task: static1
Behavioral task: behavioral1
Sample: 4c260c37ff0426ee70b74a8eced50bbf526be0ecb1789ef9bbcc1db1b9df94b4.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: stealc
http://185.172.128.76
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 4c260c37ff0426ee70b74a8eced50bbf526be0ecb1789ef9bbcc1db1b9df94b4
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext