General
Target: df620b823687fa8371cb9e5a0dc17c483d804ef601757968b8666de2608d8ebb
Size: 431KB
Sample: 240429-f2z8nsbh7w
MD5: fcac04fb67b3dec2db923867c5cb0701
SHA1: 56af848d85c781fd6ac0b8e11b2aec770fc4a105
SHA256: df620b823687fa8371cb9e5a0dc17c483d804ef601757968b8666de2608d8ebb
SHA512: 66dd7676f43c1578e9d1f2e7e6bca50ae84541497d7b5801872fe7bad8118bc92d06ba4fd0f7a0f0b47e3d47485f116e89bf43e3324c1ef767d2d62befa236cd
SSDEEP: 12288:FiJmkAC1wKXfuGRen+MkNDbfs+uR6/N40KZ:Hk2quGRO+MkNDg+uR6/u0W
Static task: static1
Behavioral task: behavioral1
Sample: df620b823687fa8371cb9e5a0dc17c483d804ef601757968b8666de2608d8ebb.exe
Resource: win7-20231129-en
Malware Config
Extracted: stealc
  http://185.172.128.150
  url_path: /c698e1bc8a2f5e6d.php
Targets
Target: df620b823687fa8371cb9e5a0dc17c483d804ef601757968b8666de2608d8ebb
Size: 431KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.)
Signatures
- Detect ZGRat V1
- Detects Arechclient2 RAT: Arechclient2.
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext