General
Target: 345050de5e24fcf643d92c82ed0b6f240e1b0fc034782b8e3df14fe7556155e3.exe
Size: 347KB
Sample: 240428-blgn6scf74
MD5: 5536e9ce5737b4457b7d17c4adb2cd85
SHA1: 46ba9c55e8f98769086ba13326b4109188205dc3
SHA256: 345050de5e24fcf643d92c82ed0b6f240e1b0fc034782b8e3df14fe7556155e3
SHA512: e37578ccc5854642c78ab7fd92a1e21755a1ef11abca8f92e81d6b09ba2e9e28beb785ec5f5babec85dd2d641e73df920b0b8fc2fb674e77d1ee033b2b780a0a
SSDEEP: 6144:8o+4WgjZb/JFOtrrcQfDowFsTPgZvaRGbmDgAsWrJhUN5m8BOI:5ZjZb/JfQboRTAvaYykBAfFI

Static task: static1
Behavioral task: behavioral1
Sample: 345050de5e24fcf643d92c82ed0b6f240e1b0fc034782b8e3df14fe7556155e3.exe
Resource: win7-20240221-en

Malware Config
Extracted: stealc
http://185.172.128.62
url_path: /902e53a07830e030.php
Targets
Target: 345050de5e24fcf643d92c82ed0b6f240e1b0fc034782b8e3df14fe7556155e3.exe
Size: 347KB
MD5: 5536e9ce5737b4457b7d17c4adb2cd85
SHA1: 46ba9c55e8f98769086ba13326b4109188205dc3
SHA256: 345050de5e24fcf643d92c82ed0b6f240e1b0fc034782b8e3df14fe7556155e3
SHA512: e37578ccc5854642c78ab7fd92a1e21755a1ef11abca8f92e81d6b09ba2e9e28beb785ec5f5babec85dd2d641e73df920b0b8fc2fb674e77d1ee033b2b780a0a
SSDEEP: 6144:8o+4WgjZb/JFOtrrcQfDowFsTPgZvaRGbmDgAsWrJhUN5m8BOI:5ZjZb/JfQboRTAvaYykBAfFI

- Detect ZGRat V1
- SectopRAT payload
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext