General
- Target: 0a7871874dc7111b978e798f616211f9.bin
- Size: 327KB
- Sample: 240428-bc6a6scd66
- MD5: 9adc73ffc42feeb984db1078b5aad48c
- SHA1: 32c19ef472d5e9063614f9d8cd950a2667c1d3b7
- SHA256: 7f3d710dde55365c2a3d8b67956f1169ede7fdbb5507ba2d185db4fdf4fd014c
- SHA512: f44376f70a467c59d8bc8aebe525ef5a1fcd3699d5a7f6ba2558f8b83778d328ec74c1b30c3d8769f32845716b5a92fc73378b12825502692b209376d8a8c1ba
- SSDEEP: 6144:KglVeSHlViOJKjan0rmoVdC72dBT9O+MDlNyt2G3onrds764QHb7jeZGW+oouS88:KgffH2SnnydbID6tGrS764Q773EgHn
Static task: static1
Behavioral task: behavioral1
- Sample: 209765690105250f9d48d09d6bf6c4bbe22668e38b7b7e400b703e27bec45057.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 209765690105250f9d48d09d6bf6c4bbe22668e38b7b7e400b703e27bec45057.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
- http://185.172.128.62
- url_path: /902e53a07830e030.php
Targets
- Target: 209765690105250f9d48d09d6bf6c4bbe22668e38b7b7e400b703e27bec45057.exe
- Size: 449KB
- MD5: 0a7871874dc7111b978e798f616211f9
- SHA1: 5f020eefc6d5da7efecd31bd3911911169d99021
- SHA256: 209765690105250f9d48d09d6bf6c4bbe22668e38b7b7e400b703e27bec45057
- SHA512: 19b5f8b0f64a0175494d7725875d57cf66a4c90a9fba74e0333f129e1386c6c2458ffc35f4774fad01e8fa2b2ccd59baf56dcc65a27e4f90d42005fe25fbda52
- SSDEEP: 12288:UguknPtI9oifhEvyzH3Ig4t5Ri3zg8kQAX6YK1:znFRiySH3Ilt5Ri3rkT6Ye

Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext