General
- Target: 0f8ce0c2f6ba4d92ad06eb6974f3eb58aed1ad968865a3da513a2770e825f34d
- Size: 395KB
- Sample: 240426-emg8wahg72
- MD5: dedaba31a5cb0155c9bb6d9b2e3f6569
- SHA1: 3a9702f4ad5999bdbdcd4629fa4de6c0ae779b19
- SHA256: 0f8ce0c2f6ba4d92ad06eb6974f3eb58aed1ad968865a3da513a2770e825f34d
- SHA512: ec9744ac5a5e7bddfdefe2aba43bc30ace9e7021371f837480976b4dc6595745d5303b057c930b484ab382700bc1caf2a1e38970925a4b48ce60982a3bef9a1c
- SSDEEP: 6144:tJCwBabC3kBgaI2oQGIbxBlzI6V3EKOyepROs4MPK:tJTs9gaIpQp1/zI6EKOyepRO0K
Static task: static1
Behavioral task: behavioral1
Sample: 0f8ce0c2f6ba4d92ad06eb6974f3eb58aed1ad968865a3da513a2770e825f34d.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: stealc
- http://185.172.128.76
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 0f8ce0c2f6ba4d92ad06eb6974f3eb58aed1ad968865a3da513a2770e825f34d
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext