General
- Target: 2821c25553ee020c2c2152e736807d2fe944a3264b7098db064f24c3b19558f3
- Size: 396KB
- Sample: 240425-yszjwsea99
- MD5: 458384b4ab999837531ee8a8e5f5670b
- SHA1: e5d1a104a54771ccaa84de2cfc7be5763726f429
- SHA256: 2821c25553ee020c2c2152e736807d2fe944a3264b7098db064f24c3b19558f3
- SHA512: eb1b20e4f91ec3a25e44f02e0d9baa5b33b52230a6b5637ea1774569c6bc278f4b89627bcb2840fe7826870498178c10f9916bf3710de6395a248d40aef40def
- SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d1:sUyaySdnLXvoTmWol4b1j41
Static task: static1
Behavioral task: behavioral1
- Sample: 2821c25553ee020c2c2152e736807d2fe944a3264b7098db064f24c3b19558f3.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: stealc
- C2: http://185.172.128.76
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 2821c25553ee020c2c2152e736807d2fe944a3264b7098db064f24c3b19558f3
- Size: 396KB
- MD5: 458384b4ab999837531ee8a8e5f5670b
- SHA1: e5d1a104a54771ccaa84de2cfc7be5763726f429
- SHA256: 2821c25553ee020c2c2152e736807d2fe944a3264b7098db064f24c3b19558f3
- SHA512: eb1b20e4f91ec3a25e44f02e0d9baa5b33b52230a6b5637ea1774569c6bc278f4b89627bcb2840fe7826870498178c10f9916bf3710de6395a248d40aef40def
- SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d1:sUyaySdnLXvoTmWol4b1j41

Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext