General
Target: 85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf
Size: 386KB
Sample: 240427-pf76tsah7y
MD5: c6434ad7991f41c5a48eb1498f881687
SHA1: 90c3c0f2ab4a46a9d6e15a7de4c4380f3e4d6906
SHA256: 85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf
SHA512: b156c334d25d9159fa033a3f635275911451753008a4ea66986f13737709f3250a15d14c18e1ab95e84b680cabf763002643db8aa6808ce55a9e84b23477e6ba
SSDEEP: 6144:USzVvkBage3IgFEbPijF94P0JK4oivly+5Nicq8mDLKQH8q8am6mWP:DZnFEbqBrK7T6ic237XP
Static task: static1

Behavioral task: behavioral1
  Sample: 85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf.exe
  Resource: win10v2004-20240226-en

Behavioral task: behavioral2
  Sample: 85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf.exe
  Resource: win11-20240419-en
Malware Config
Extracted: stealc
  http://185.172.128.76
  url_path: /3cd2b41cbde8fc9c.php
Targets
Target: 85e8a84ac43b9bb1bc606e46023d989671bda51ced805c07ab8cccf8d45dc7bf
Detect ZGRat V1
SectopRAT payload
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext