General
-
Target
50e2f39f3cd1a94eed4ef99c12dfaf659fc71070a4978df25ab597efd81af36c.exe
-
Size
347KB
-
Sample
240428-br2arsdc5s
-
MD5
2f92771837d1f5eac6cb5a2f615c843d
-
SHA1
61e23525c0090433711dc6e5d74cf96f308763e6
-
SHA256
50e2f39f3cd1a94eed4ef99c12dfaf659fc71070a4978df25ab597efd81af36c
-
SHA512
a6ce7083ddcaa2a94500010880960344e5a2153a7905019380eaf39e8ed4cc9a3cd31010740b466e19c83cda135bbd4d51807875fec1bc6018a474f7fc38a0ea
-
SSDEEP
6144:ToBqFgnH6oK/xcYNKD8r+syjBJw45rtMLYC43J9fa7nxNHnKTY:EawahCYgD8CsKJw4/MchjCnMY
Static task
static1
Behavioral task
behavioral1
Sample
50e2f39f3cd1a94eed4ef99c12dfaf659fc71070a4978df25ab597efd81af36c.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.62
-
url_path
/902e53a07830e030.php
Targets
-
-
Target
50e2f39f3cd1a94eed4ef99c12dfaf659fc71070a4978df25ab597efd81af36c.exe
-
Size
347KB
-
MD5
2f92771837d1f5eac6cb5a2f615c843d
-
SHA1
61e23525c0090433711dc6e5d74cf96f308763e6
-
SHA256
50e2f39f3cd1a94eed4ef99c12dfaf659fc71070a4978df25ab597efd81af36c
-
SHA512
a6ce7083ddcaa2a94500010880960344e5a2153a7905019380eaf39e8ed4cc9a3cd31010740b466e19c83cda135bbd4d51807875fec1bc6018a474f7fc38a0ea
-
SSDEEP
6144:ToBqFgnH6oK/xcYNKD8r+syjBJw45rtMLYC43J9fa7nxNHnKTY:EawahCYgD8CsKJw4/MchjCnMY
-
Detect ZGRat V1
-
SectopRAT payload
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects encrypted or obfuscated .NET executables
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-