General
Target: 3d50246010407b3464154b8f743231dd360a8057f577e2a2e0f16a2e0eaffc45
Size: 448KB
Sample: 240428-2j646aah66
MD5: caff5924571332786f455fcb7f950118
SHA1: d34c299691bab9929c735b5d88a03f1d499c7cc5
SHA256: 3d50246010407b3464154b8f743231dd360a8057f577e2a2e0f16a2e0eaffc45
SHA512: b4b1a49e754286a515ca39883ed73ceddf6d2343f9cba39b66655e5b9068321ee943c4072000b02c857eb96bb45ec3d69fa827527ac817e494b853fc5b567650
SSDEEP: 6144:oNF3POAieKg0hJzuXlGf1aoe9LhE5alENffh/Zoftod2TD2xmSuWVK:oNF/OAi3wUavE5alENffh/q1SYFWVK
Static task: static1
Behavioral task: behavioral1
Sample: 3d50246010407b3464154b8f743231dd360a8057f577e2a2e0f16a2e0eaffc45.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: 3d50246010407b3464154b8f743231dd360a8057f577e2a2e0f16a2e0eaffc45
Size: 448KB
MD5: caff5924571332786f455fcb7f950118
SHA1: d34c299691bab9929c735b5d88a03f1d499c7cc5
SHA256: 3d50246010407b3464154b8f743231dd360a8057f577e2a2e0f16a2e0eaffc45
SHA512: b4b1a49e754286a515ca39883ed73ceddf6d2343f9cba39b66655e5b9068321ee943c4072000b02c857eb96bb45ec3d69fa827527ac817e494b853fc5b567650
SSDEEP: 6144:oNF3POAieKg0hJzuXlGf1aoe9LhE5alENffh/Zoftod2TD2xmSuWVK:oNF/OAi3wUavE5alENffh/q1SYFWVK
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext