General
Target: ad73f8e5e589a55e5e7f61904350f40dccd7a9e31a2a3c87d148d442c2adeccc
Size: 395KB
Sample: 240429-fxpldabd98
MD5: 6cdeb54bee9bb79a14676d7f576c514a
SHA1: 6c5c9d331270653ee45d085c528ede5c6de2fe0b
SHA256: ad73f8e5e589a55e5e7f61904350f40dccd7a9e31a2a3c87d148d442c2adeccc
SHA512: 64395927ceb95d9893f273a333fe9b9a4a835772bcebafb7b2f78da4aa239af85cefdf8e8027f01004e2c501a7a5a58081d17d2aaff2fafe7e3a4b738b6c1e47
SSDEEP: 6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RPF:P2R67JCeU13K8JH1ZFKej/81F

Static task: static1
Behavioral task: behavioral1
Sample: ad73f8e5e589a55e5e7f61904350f40dccd7a9e31a2a3c87d148d442c2adeccc.exe
Resource: win7-20240419-en

Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php

Targets
Target: ad73f8e5e589a55e5e7f61904350f40dccd7a9e31a2a3c87d148d442c2adeccc (size and MD5/SHA1/SHA256/SHA512/SSDEEP identical to the General section above)
- Detect ZGRat V1
- Detects Arechclient2 RAT: Arechclient2.
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext