General
- Target: 4d1259d2ca725766850d79a00a0dbbc6ab0d0b7d904fddb14980f56b630f0fcd
- Size: 456KB
- Sample: 240428-gszffshf54
- MD5: 66cf4b0695b91283420f4e68a239e078
- SHA1: 2a8c72655d939cf0489566b24b065394b8cb2136
- SHA256: 4d1259d2ca725766850d79a00a0dbbc6ab0d0b7d904fddb14980f56b630f0fcd
- SHA512: 4b80947dc59bd7f0ea72e1db552ae5de9d99c0d562f0ddb5c2d3dd467f0ce1ae996b06aac192967b2385840773e18d9519db263ea7f9323bf0b7aab4eccc8bb3
- SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8S:IoV3Y9YLRN/XQUOUXwE8S
Static task: static1
Behavioral task: behavioral1
- Sample: 4d1259d2ca725766850d79a00a0dbbc6ab0d0b7d904fddb14980f56b630f0fcd.exe
- Resource: win10v2004-20240426-en
Malware Config
Extracted
- stealc
- http://185.172.128.62
- url_path: /902e53a07830e030.php
Targets
- Target: 4d1259d2ca725766850d79a00a0dbbc6ab0d0b7d904fddb14980f56b630f0fcd
- Size: 456KB
- MD5: 66cf4b0695b91283420f4e68a239e078
- SHA1: 2a8c72655d939cf0489566b24b065394b8cb2136
- SHA256: 4d1259d2ca725766850d79a00a0dbbc6ab0d0b7d904fddb14980f56b630f0fcd
- SHA512: 4b80947dc59bd7f0ea72e1db552ae5de9d99c0d562f0ddb5c2d3dd467f0ce1ae996b06aac192967b2385840773e18d9519db263ea7f9323bf0b7aab4eccc8bb3
- SSDEEP: 12288:SMAzoV3Y9YLR4W/Rt7yL794skEZUXwE8S:IoV3Y9YLRN/XQUOUXwE8S
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext