General
- Target: a91b0a8db700951e27f541810e599f3b46eebc2ba1d5da6633a149bbcf4ff171
- Size: 451KB
- Sample: 240428-1xf98aab88
- MD5: 2aa3f11505d5184722916a74ba5e301b
- SHA1: b39fd4f91643c66ce575344ed232831a50d0b350
- SHA256: a91b0a8db700951e27f541810e599f3b46eebc2ba1d5da6633a149bbcf4ff171
- SHA512: 646dd1d0f6b3778c336d523262d48e1dd5f6739b7d51872de3fc9a06569c765034e5cb1e1684b1a5ad797305c205f860d282f3a4fc609a714cdbfd4749950f4a
- SSDEEP: 12288:Dt++0WACRaBnCQ08O0y+li0pUIZ53+gXWN1RUr:ihC1gp+Qk1RUr
Static task: static1
Behavioral task: behavioral1
Sample: a91b0a8db700951e27f541810e599f3b46eebc2ba1d5da6633a149bbcf4ff171.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: a91b0a8db700951e27f541810e599f3b46eebc2ba1d5da6633a149bbcf4ff171
- Size: 451KB
- MD5: 2aa3f11505d5184722916a74ba5e301b
- SHA1: b39fd4f91643c66ce575344ed232831a50d0b350
- SHA256: a91b0a8db700951e27f541810e599f3b46eebc2ba1d5da6633a149bbcf4ff171
- SHA512: 646dd1d0f6b3778c336d523262d48e1dd5f6739b7d51872de3fc9a06569c765034e5cb1e1684b1a5ad797305c205f860d282f3a4fc609a714cdbfd4749950f4a
- SSDEEP: 12288:Dt++0WACRaBnCQ08O0y+li0pUIZ53+gXWN1RUr:ihC1gp+Qk1RUr
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext