General

Target: ba9cbc88e931954d07f5c067e67699d3a91cf9e0917a4ccd4e5065296f2da80b
Size: 395KB
Sample: 240426-ekwy9ahg51
MD5: 71c036b28ca03baf96cc1cbfcfb7281e
SHA1: bdf33cd1ced7176f06c7210a36c48faf57e4227e
SHA256: ba9cbc88e931954d07f5c067e67699d3a91cf9e0917a4ccd4e5065296f2da80b
SHA512: c4964e78ab408f0f72a77c7956aa2bb502633fe77e40daea840e4b7e3cfc2d119f083ab9c12c02a88f1a053f2529285fa31626c933ff9d3e0f10a99ea4e202b8
SSDEEP: 6144:tJCwBabC3kBgaI2oQGIbxBlzI6V3EKOyepROs4MPP:tJTs9gaIpQp1/zI6EKOyepRO0P
Static task: static1
Behavioral task: behavioral1
Sample: ba9cbc88e931954d07f5c067e67699d3a91cf9e0917a4ccd4e5065296f2da80b.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: stealc
http://185.172.128.76
url_path: /3cd2b41cbde8fc9c.php
Targets

Target: ba9cbc88e931954d07f5c067e67699d3a91cf9e0917a4ccd4e5065296f2da80b
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext