General
-
Target
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc
-
Size
452KB
-
Sample
240428-bn2r5acg76
-
MD5
cbec18d0c5c3587464214f1f706ea105
-
SHA1
27b8cd2f6c2697e1ffb3bc2df20cf9f5bd6eaeb9
-
SHA256
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc
-
SHA512
d720efedeb79865f5330c19dea03ca2979b439ca7b149cf5f016a73bc30b39ea24b6e7e3be1790acc0fba2c3d471ec26408c33ecd9488717979f42684ce46fbf
-
SSDEEP
6144:rOrXOdV6MDOrctj6AwnV3NPYvEmAYc42VBPg1BwnFo7s4lD:rGO0r5AwlqvExYh0g1MKI4lD
Static task
static1
Behavioral task
behavioral1
Sample
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc.exe
Resource
win11-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.62
-
url_path
/902e53a07830e030.php
Targets
-
-
Target
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc
-
Size
452KB
-
MD5
cbec18d0c5c3587464214f1f706ea105
-
SHA1
27b8cd2f6c2697e1ffb3bc2df20cf9f5bd6eaeb9
-
SHA256
2a7794525ebee863d10a434f5d0f638093db55f9e3163b3a4e6296a55ae079cc
-
SHA512
d720efedeb79865f5330c19dea03ca2979b439ca7b149cf5f016a73bc30b39ea24b6e7e3be1790acc0fba2c3d471ec26408c33ecd9488717979f42684ce46fbf
-
SSDEEP
6144:rOrXOdV6MDOrctj6AwnV3NPYvEmAYc42VBPg1BwnFo7s4lD:rGO0r5AwlqvExYh0g1MKI4lD
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-