General
-
Target
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b
-
Size
451KB
-
Sample
240428-nfec3sef7w
-
MD5
fad3fa41f288a2744bb4484ca102ce37
-
SHA1
ce2927b6d96382310a30a5375ac5091700b05454
-
SHA256
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b
-
SHA512
d6a258ad64bd33a77ea5c2a72e9e0c3a715a55a71b43e3a6973490b32fa9bff5666fcf190c98d24047c5b35ec01c3029b1d1b92de4f0de427fb4e324abf72279
-
SSDEEP
12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NB:rKHmzM9HroEoFnc1NB
Static task
static1
Behavioral task
behavioral1
Sample
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b.exe
Resource
win11-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.62
-
url_path
/902e53a07830e030.php
Targets
-
-
Target
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b
-
Size
451KB
-
MD5
fad3fa41f288a2744bb4484ca102ce37
-
SHA1
ce2927b6d96382310a30a5375ac5091700b05454
-
SHA256
fccd4ad22a225e2bae0cab5bd02c3587bd3a1c900ae34d7f0e4aea7280fda20b
-
SHA512
d6a258ad64bd33a77ea5c2a72e9e0c3a715a55a71b43e3a6973490b32fa9bff5666fcf190c98d24047c5b35ec01c3029b1d1b92de4f0de427fb4e324abf72279
-
SSDEEP
12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1NB:rKHmzM9HroEoFnc1NB
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-