General
Target: ba4741c0e081d02a63e4646049a64aef.exe
Size: 451KB
Sample: 240428-v3pkwsdb5v
MD5: ba4741c0e081d02a63e4646049a64aef
SHA1: 13e2a8ef046f22bbdcbfb0d4ef3dd2ab7350636f
SHA256: 2e19bc44d1c2c70d9de95546e406da87e217304fbb530ff2fd14fc221ec4b025
SHA512: 938cd0381948b2256582b7fbabff3cd4379dae3b50c50801e9aca91e62306fdeb8ba46edeca60ae8f82e7156ac48f42a485d94b8204645e5bc683a5c483ef8a9
SSDEEP: 6144:EbizKU6CpA9+9+HDs15JInfn07l7Ro9+mdb7nrAUYj9To2BwMt2jBse7NUt:EbMKUHmcQs7Po9+esUYjq2SUUTBUt
Static task: static1
Behavioral task: behavioral1
  Sample: ba4741c0e081d02a63e4646049a64aef.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ba4741c0e081d02a63e4646049a64aef.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: ba4741c0e081d02a63e4646049a64aef.exe
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext