General
-
Target
3827576c88bf7d2e73b4b1ccbfe22d7ec843fc56b4118e7f86b3206c696e3f3b
-
Size
347KB
-
Sample
240429-y7spwsca4t
-
MD5
8c2f414cf86fbac77f0164a64522b5bf
-
SHA1
b50323b973d045e4a16777f69f309fa46ebcf023
-
SHA256
3827576c88bf7d2e73b4b1ccbfe22d7ec843fc56b4118e7f86b3206c696e3f3b
-
SHA512
4f1f2a3b0b85ac934aed6371fc3a95498072bb445a13c4d5aa4e4c86e48de2896f84c8ec072bd127e66439abf6763d9a562f282dbd4014899061633bcbd327de
-
SSDEEP
6144:Iow3n4zYeN4lwlXFWI46PcJ+bbdtuBx4rEZGl0HIsitMuM:1eeyOl1WI46PcJYSBxSMGl0I9M
Static task
static1
Behavioral task
behavioral1
Sample
3827576c88bf7d2e73b4b1ccbfe22d7ec843fc56b4118e7f86b3206c696e3f3b.exe
Resource
win7-20231129-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
3827576c88bf7d2e73b4b1ccbfe22d7ec843fc56b4118e7f86b3206c696e3f3b
-
Size
347KB
-
MD5
8c2f414cf86fbac77f0164a64522b5bf
-
SHA1
b50323b973d045e4a16777f69f309fa46ebcf023
-
SHA256
3827576c88bf7d2e73b4b1ccbfe22d7ec843fc56b4118e7f86b3206c696e3f3b
-
SHA512
4f1f2a3b0b85ac934aed6371fc3a95498072bb445a13c4d5aa4e4c86e48de2896f84c8ec072bd127e66439abf6763d9a562f282dbd4014899061633bcbd327de
-
SSDEEP
6144:Iow3n4zYeN4lwlXFWI46PcJ+bbdtuBx4rEZGl0HIsitMuM:1eeyOl1WI46PcJYSBxSMGl0I9M
-
Detect ZGRat V1
-
SectopRAT payload
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects encrypted or obfuscated .NET executables
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-