General
- Target: d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
- Size: 451KB
- Sample: 240428-ncy83sed68
- MD5: acd99f789f4d06c0b60e8caa647c6c62
- SHA1: dfa1ac92c7c460ed19043fdb125580a39b40819d
- SHA256: d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
- SHA512: 5b3fe2e10c69da31057770bc7a9f0b9f12234e3b8a9b16a2444c991b7a119939e2392ae742418a5793163ead24d47bf412b5b5e2fd837dca67e62df11f066d16
- SSDEEP: 12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NG:rKHmzM9HroEoFnc1NG

Static task: static1
Behavioral task: behavioral1
- Sample: d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada.exe
- Resource: win10v2004-20240226-en

Malware Config
Extracted: stealc
- C2: http://185.172.128.62
- url_path: /902e53a07830e030.php
Targets
- Target: d031552188e9d2038cee0b57ebfa15fdcf5d35e38c90b468c71ae4b771ef9ada
Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext