General
Target: 5f07907b56589f833d0916aa6b4428977082a844878e620f49053dc868670f52
Size: 396KB
Sample: 240425-yrne8sea5y
MD5: f8010cfbb1ea6f0c8525eaba77721cf7
SHA1: cf5e7b72af904301fa13f7ec8a8be324dde5c3ea
SHA256: 5f07907b56589f833d0916aa6b4428977082a844878e620f49053dc868670f52
SHA512: f295deaf43a8a6f1ec8fc2172da6c569914e8e91f814ff575be2856b227a7ad3be889913113d8c0f690dcf7b321ba74adc74eac00b05e1abeb3a288b6ab5dcec
SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d4:sUyaySdnLXvoTmWol4b1j44
Static task: static1
Behavioral task: behavioral1
Sample: 5f07907b56589f833d0916aa6b4428977082a844878e620f49053dc868670f52.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: stealc
http://185.172.128.76
url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 5f07907b56589f833d0916aa6b4428977082a844878e620f49053dc868670f52
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext