General
-
Target
67aaf2048b20905e1b0ad11072d043a22ae084e75e64ec505cfa25dec05c0cc4
-
Size
394KB
-
Sample
240427-klcvnafa44
-
MD5
39555387fd5ebf7aa361bda362e9ce6f
-
SHA1
79b408b361b9f7b69bce498eb4fd42f16ff23c11
-
SHA256
67aaf2048b20905e1b0ad11072d043a22ae084e75e64ec505cfa25dec05c0cc4
-
SHA512
9482332bccddc8400012cf62fd725b64a5b9279e9222a18e28a24c02f1b6c355903f3f2b3ae220f9caf5e41b761d5c3b93b44f7db6179688e476c5c5490c53b3
-
SSDEEP
6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62P:sCeLR/acs4oY+5MhfhV9FLP
Malware Config
Extracted
stealc
http://185.172.128.76
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
67aaf2048b20905e1b0ad11072d043a22ae084e75e64ec505cfa25dec05c0cc4
-
Size
394KB
-
MD5
39555387fd5ebf7aa361bda362e9ce6f
-
SHA1
79b408b361b9f7b69bce498eb4fd42f16ff23c11
-
SHA256
67aaf2048b20905e1b0ad11072d043a22ae084e75e64ec505cfa25dec05c0cc4
-
SHA512
9482332bccddc8400012cf62fd725b64a5b9279e9222a18e28a24c02f1b6c355903f3f2b3ae220f9caf5e41b761d5c3b93b44f7db6179688e476c5c5490c53b3
-
SSDEEP
6144:sCkJFI6R8nSacs8foP5sn/3UufI5MhBECEwXG6L9FHUGEM62P:sCeLR/acs4oY+5MhfhV9FLP
Score10/10-
Detect ZGRat V1
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-