General
Target: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e
Size: 394KB
Sample: 240427-fyl7mscf7v
MD5: 8ab890785d569d1a5b2c09fe772b77ae
SHA1: ae3b12ac67062336df10b73d50db872c27885385
SHA256: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e
SHA512: 8c179ac53821b5cceb7e62cde6ea68c8fe5de98d5cd89f8853efcfb4694d798c14d27f7e6b5236646d54cb2e2a125b094b3f319e21c9496243629121f435842b
SSDEEP: 6144:fsJVip+l5fK53hCfPr+ICF1ggQyGiezkMza6:fszip+7K52P/+tQdq6

Static task: static1

Behavioral task: behavioral1
Sample: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral2
Sample: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e.exe
Resource: win11-20240419-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.76
url_path: /3cd2b41cbde8fc9c.php
(The C2 host and url_path together form the gate the stealer reports to; both are the indicators to block and hunt for.)
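The hashes in the General section and the extracted Stealc C2 above are the report's actionable indicators. The script below is an added example, not part of the original report or the sandbox's own tooling: it recomputes the four listed digests for a candidate file and compares them with the report, and it scans proxy-style log lines for contact with the C2 host, distinguishing a hit on the exact gate path from any other contact with that host. The log format, the log lines and the candidate bytes are constructed here; only the digests and C2 values are taken from the report.

```python
"""IOC matcher for the sandbox report on this page.

Added example, not part of the original report or the sandbox's own tooling.
The digests and the Stealc C2 values are copied from the report; the log
format, the log lines and the candidate bytes below are constructed here.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators exactly as the report lists them.
REPORT_HASHES = {
    "md5": "8ab890785d569d1a5b2c09fe772b77ae",
    "sha1": "ae3b12ac67062336df10b73d50db872c27885385",
    "sha256": "0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e",
    "sha512": "8c179ac53821b5cceb7e62cde6ea68c8fe5de98d5cd89f8853efcfb4694d798c"
              "14d27f7e6b5236646d54cb2e2a125b094b3f319e21c9496243629121f435842b",
}
C2_URL = "http://185.172.128.76"          # extracted Stealc C2
C2_PATH = "/3cd2b41cbde8fc9c.php"         # extracted url_path (the gate)


def hashes_for(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(hashes: dict) -> list:
    """Names of the digests that equal the report's values (any hit is a match)."""
    return [name for name, value in REPORT_HASHES.items()
            if hashes.get(name, "").lower() == value]


# Constructed proxy log format: "<timestamp> <client> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_url(url: str):
    """'gate' if host and path both match the C2, 'host' if only the host does."""
    parts = urlsplit(url)
    if parts.hostname != urlsplit(C2_URL).hostname:
        return None
    return "gate" if parts.path == C2_PATH else "host"


def find_c2_hits(lines) -> list:
    """Scan log lines; return (level, client, url) for every contact with the C2."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                      # unparseable line: skip, don't crash
        level = classify_url(m.group("url"))
        if level:
            hits.append((level, m.group("src"), m.group("url")))
    return hits


# Constructed log lines for demonstration; only the C2 values are real.
SAMPLE_LOG = [
    "2024-04-27T10:01:02Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-04-27T10:01:05Z 10.0.0.5 POST http://185.172.128.76/3cd2b41cbde8fc9c.php 200",
    "2024-04-27T10:01:06Z 10.0.0.5 GET http://185.172.128.76/other.bin 200",
    "2024-04-27T10:02:00Z 10.0.0.7 GET http://185.172.128.76:8080/3cd2b41cbde8fc9c.php 404",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # hash a candidate file from disk
        with open(sys.argv[1], "rb") as f:
            print("hash matches:", matches_report(hashes_for(f.read())))
    for level, src, url in find_c2_hits(SAMPLE_LOG):
        print(f"{level:4s} {src} {url}")
```

Matching on the parsed hostname rather than on the raw URL string means a non-standard port or a query string on the gate URL still registers, while an unrelated path on the same IP is reported as a weaker "host" contact rather than dropped; the SSDEEP value is kept out of the hash comparison because fuzzy hashes need a similarity score, not equality.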
Targets
Target: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e
Size: 394KB
MD5: 8ab890785d569d1a5b2c09fe772b77ae
SHA1: ae3b12ac67062336df10b73d50db872c27885385
SHA256: 0aee4483f97a3a3989ede57f5260f585fa8a622064993729a9ede5b0adc88a1e
SHA512: 8c179ac53821b5cceb7e62cde6ea68c8fe5de98d5cd89f8853efcfb4694d798c14d27f7e6b5236646d54cb2e2a125b094b3f319e21c9496243629121f435842b
SSDEEP: 6144:fsJVip+l5fK53hCfPr+ICF1ggQyGiezkMza6:fszip+7K52P/+tQdq6

- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry (under HKCU\Control Panel\International\Geo), a likely geofence: the sample can refuse to run in, or change behaviour for, particular countries, so a sandbox whose locale does not match may see less of the payload.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is a standard step in process hollowing and similar injection, where the dropped payload is written into a suspended legitimate process and its entry point is redirected before the thread is resumed.