General
- Target: cb4bf8865165b159e415e0142170f9d3edaf1f559bc921ec14d05392e2181986
- Size: 448KB
- Sample: 240428-2f5f6aag96
- MD5: 1209bdc89bbd9f5de5f8745ba9ae1ba5
- SHA1: f88d19522d3f90750760a45a759b19d58ca5964e
- SHA256: cb4bf8865165b159e415e0142170f9d3edaf1f559bc921ec14d05392e2181986
- SHA512: ce68cdff0e484df4639169d8b0b2ea42eed452885ef20707e5f5fd590b40510258fd6137194b1b9269aaf4efca5db7ce99ba22f152068a4a47154ce277c41aba
- SSDEEP: 6144:oNF3POAieKg0hJzuXlGf1aoe9LhE5alENffh/Zoftod2TD2xmSuWVH:oNF/OAi3wUavE5alENffh/q1SYFWVH
Static task: static1
Behavioral task: behavioral1
Sample: cb4bf8865165b159e415e0142170f9d3edaf1f559bc921ec14d05392e2181986.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
- stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: cb4bf8865165b159e415e0142170f9d3edaf1f559bc921ec14d05392e2181986
- Size: 448KB
- MD5: 1209bdc89bbd9f5de5f8745ba9ae1ba5
- SHA1: f88d19522d3f90750760a45a759b19d58ca5964e
- SHA256: cb4bf8865165b159e415e0142170f9d3edaf1f559bc921ec14d05392e2181986
- SHA512: ce68cdff0e484df4639169d8b0b2ea42eed452885ef20707e5f5fd590b40510258fd6137194b1b9269aaf4efca5db7ce99ba22f152068a4a47154ce277c41aba
- SSDEEP: 6144:oNF3POAieKg0hJzuXlGf1aoe9LhE5alENffh/Zoftod2TD2xmSuWVH:oNF/OAi3wUavE5alENffh/q1SYFWVH
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext