General
- Target: c94ea8fe850a588a628cb3350a52c278.exe
- Size: 455KB
- Sample: 240428-czqpnsec59
- MD5: c94ea8fe850a588a628cb3350a52c278
- SHA1: 869ae193e0262e0367f91410fe1d4972c1ebfcc4
- SHA256: 974402091e092f0468290ab1d4380ec41b0cf66f28f683a0102fe9c0af2c7fde
- SHA512: c1c202864b43379d90098727b148f027bba3dab699bb7e9684f62078cd19de904c2d6ca10f9f3cddb399ce6e1e0d92eebd03cb146ca99b9f9a056675bb17c3ea
- SSDEEP: 6144:wPKlSI6wvdEjpq79xyN+PKbaKNt8RUeW2s4A9YoxYrP9nys3ODED:wylSI66yj4nOaaJh9x6tT3wED
Static task: static1
Behavioral task: behavioral1
- Sample: c94ea8fe850a588a628cb3350a52c278.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c94ea8fe850a588a628cb3350a52c278.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted
- stealc
- http://185.172.128.62
- url_path: /902e53a07830e030.php
Targets
- Target: c94ea8fe850a588a628cb3350a52c278.exe
- Size: 455KB
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext