General
- Target: be91111bb1e1de2451c5b71d3c8632b229c01322ea81715d30f4ba49b955ff4f
- Size: 395KB
- Sample: 240426-endbbahg8t
- MD5: 1636f66b20c18c5a2922f5b5515e43ce
- SHA1: bf99312b4f3ee07395e7596d7089e301a21f437c
- SHA256: be91111bb1e1de2451c5b71d3c8632b229c01322ea81715d30f4ba49b955ff4f
- SHA512: 8c133187e2a57096a856e8006bd2f2066eb7566686abf8c17cf81a6a9ed08abd1cec620c4ba15bf6f846d6d2b8f076bfcf068eba64b9fdb839831affa63091ea
- SSDEEP: 6144:tJCwBabC3kBgaI2oQGIbxBlzI6V3EKOyepROs4MPF:tJTs9gaIpQp1/zI6EKOyepRO0F
- Static task: static1
- Behavioral task: behavioral1
- Sample: be91111bb1e1de2451c5b71d3c8632b229c01322ea81715d30f4ba49b955ff4f.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: stealc
- http://185.172.128.76
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: be91111bb1e1de2451c5b71d3c8632b229c01322ea81715d30f4ba49b955ff4f
- Size: 395KB
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext