General
Target: af8b4b4921cb5c71980a0c33d85e20f87ff9c393962e177b33441401f3d9f0c6
Size: 451KB
Sample: 240428-nhb1qseg3x
MD5: df7086dc5aa791eded3dca69d4e74f84
SHA1: 7cdc39b8348f150d7e37688df4dd3d790feffd87
SHA256: af8b4b4921cb5c71980a0c33d85e20f87ff9c393962e177b33441401f3d9f0c6
SHA512: c567275d51215610e6159b77bb26ef76d0ae5b63d46789938bb9bdaa6a8f53eb12aad579781396debfb551d7816ce96fa6bb8b54c65f51e09ab5ba340541a344
SSDEEP: 12288:rBwwS3fz8A9Hmzef9HrPQyczMNoFnc1ND:rKHmzM9HroEoFnc1ND

Static task: static1
Behavioral task: behavioral1
Sample: af8b4b4921cb5c71980a0c33d85e20f87ff9c393962e177b33441401f3d9f0c6.exe
Resource: win10v2004-20240419-en

Malware Config
Extracted: stealc
http://185.172.128.62
url_path: /902e53a07830e030.php
Targets
Detect ZGRat V1
SectopRAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext