General
- Target: 276351bbf592f164b3c090947a16192199f8c51f70330b7e840a81aef7a2fb1f
- Size: 451KB
- Sample: 240428-1w649aaf2v
- MD5: 80a85759d45b1ebf79075db26015acb1
- SHA1: 72140359ce537e3fee86171641ccc70e0800a274
- SHA256: 276351bbf592f164b3c090947a16192199f8c51f70330b7e840a81aef7a2fb1f
- SHA512: c532e9829e011a3397a140c088aece4d234c86ec38d36988e871d479765874cd3f093944471f9fa99908eb36531692cea858567cd20e70da2ab288f6e08a6334
- SSDEEP: 12288:Dt++0WACRaBnCQ08O0y+li0pUIZ53+gXWN1RUh:ihC1gp+Qk1RUh
Static task: static1
Behavioral task: behavioral1
- Sample: 276351bbf592f164b3c090947a16192199f8c51f70330b7e840a81aef7a2fb1f.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext