General
- Target: 285ddca9d09a6bd8cc1e0159962d7f899ef47118575bd0ff2c0a4959f8c457eb
- Size: 449KB
- Sample: 240429-fh4fzsbc7s
- MD5: 20a0a1688a5e7b415c5205993ab9ebd8
- SHA1: bebd94aeb7c85496a7015d81cd4cc0aa12f2290e
- SHA256: 285ddca9d09a6bd8cc1e0159962d7f899ef47118575bd0ff2c0a4959f8c457eb
- SHA512: 2c45ce8eacf486b8006aa7d11656483fad200fec263426d4caee5a4ecdf8ff819248a0a1916821384b8cfe0a672ccb216a9578613561a29608f4256464e51713
- SSDEEP: 12288:Gb9GpjRN3YUOlgHCmVgNZM4bqkQAXHYKW:Xjf3YUOeO7BFTHYp
Static task: static1
Behavioral task: behavioral1
- Sample: 285ddca9d09a6bd8cc1e0159962d7f899ef47118575bd0ff2c0a4959f8c457eb.exe
- Resource: win7-20240419-en
Malware Config
Extracted
- stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: 285ddca9d09a6bd8cc1e0159962d7f899ef47118575bd0ff2c0a4959f8c457eb
- Size: 449KB
- MD5: 20a0a1688a5e7b415c5205993ab9ebd8
- SHA1: bebd94aeb7c85496a7015d81cd4cc0aa12f2290e
- SHA256: 285ddca9d09a6bd8cc1e0159962d7f899ef47118575bd0ff2c0a4959f8c457eb
- SHA512: 2c45ce8eacf486b8006aa7d11656483fad200fec263426d4caee5a4ecdf8ff819248a0a1916821384b8cfe0a672ccb216a9578613561a29608f4256464e51713
- SSDEEP: 12288:Gb9GpjRN3YUOlgHCmVgNZM4bqkQAXHYKW:Xjf3YUOeO7BFTHYp
- Detect ZGRat V1
- Detects Arechclient2 RAT
  Arechclient2.
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext