General

Target: 31bf976b4eb86c21486d676156ea91b21f95b7bf024dd9731f81e3f70992aa81
Size: 347KB
Sample: 240429-ymzmpsbf21
MD5: e108b2018bd7159149943a9d2e7aba9e
SHA1: 0176ac1fcc280592b5d974e6aca878c4aaf1cc01
SHA256: 31bf976b4eb86c21486d676156ea91b21f95b7bf024dd9731f81e3f70992aa81
SHA512: 282b086be878ddc6c5df5d9ad3e3e9d9de5eb907f0496ceaa0cf7f40f8461b8d793bee19bfdd640d6b4931ff38af8ccfbccd4d29661e352f2c4e826e9d0917e2
SSDEEP: 6144:dD0MWKPc0wJk+uRjiu4FpXFr9TgvzI3OrfK:aMWPJKQFpXFR0vzjK
Static task: static1

Behavioral task: behavioral1
Sample: 31bf976b4eb86c21486d676156ea91b21f95b7bf024dd9731f81e3f70992aa81.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: 31bf976b4eb86c21486d676156ea91b21f95b7bf024dd9731f81e3f70992aa81.exe
Resource: win11-20240419-en
Malware Config

Extracted: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php

The gate URL the sample contacts is the C2 host joined with url_path: http://185.172.128.150/c698e1bc8a2f5e6d.php
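Added example, not part of the sandbox report and not Stealc's or the sandbox's code: a small Python detection that takes the extracted host and url_path above, reconstructs the gate URL, scans proxy log lines for it (separating exact gate hits from host-only hits), and renders a Suricata rule for the gate. The log layout, the sample log lines and the rule sid are assumptions.

```python
"""Detection for the Stealc C2 extracted above, run over constructed proxy logs.

Added example for this report; not the sandbox's code and not Stealc's.
Log layout is an assumed, simplified one: "<epoch> <src_ip> <method> <url> <status>".
"""
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" block.
STEALC_C2 = {
    "host": "http://185.172.128.150",
    "url_path": "/c698e1bc8a2f5e6d.php",
}

# Constructed log lines (not from the report): two gate hits from one client,
# an unrelated request, a request to the C2 IP on another port and path,
# and a bare request to the C2 IP.
SAMPLE_LOG = """\
1714400001.123 10.0.0.15 GET http://185.172.128.150/c698e1bc8a2f5e6d.php 200
1714400002.456 10.0.0.15 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
1714400003.789 10.0.0.22 GET http://example.com/index.php 200
1714400004.000 10.0.0.15 GET http://185.172.128.150:8080/other.php 404
1714400005.000 10.0.0.31 GET http://185.172.128.150/ 200
"""


def c2_url(config):
    """Join host and url_path the way the report splits them."""
    return config["host"].rstrip("/") + "/" + config["url_path"].lstrip("/")


def parse_line(line):
    """Split one log line into a record; the URL is decomposed with urlsplit
    so a port suffix on the host does not defeat the match."""
    ts, src, method, url, status = line.split()
    parts = urlsplit(url)
    return {
        "ts": float(ts),
        "src": src,
        "method": method,
        "host": parts.hostname,
        "path": parts.path,
        "status": int(status),
    }


def match_c2(log_text, config):
    """Return (kind, record) for every line that touches the C2.

    kind is "gate" when host and url_path both match (high confidence) and
    "host" when only the IP matches: the same server may front other
    campaigns, so host-only hits are worth a look but not an automatic verdict.
    """
    c2_host = urlsplit(config["host"]).hostname
    c2_path = config["url_path"]
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["host"] != c2_host:
            continue
        kind = "gate" if rec["path"] == c2_path else "host"
        hits.append((kind, rec))
    return hits


def gate_clients(hits):
    """Source IPs that reached the exact gate path: the hosts to triage first."""
    return sorted({rec["src"] for kind, rec in hits if kind == "gate"})


def suricata_rule(config, sid=1000001):
    """Render a Suricata rule for the gate. The sid is a placeholder in the
    local range; pick one that does not collide with your ruleset."""
    host = urlsplit(config["host"]).hostname
    return (
        'alert http any any -> any any (msg:"Stealc C2 gate %s"; '
        'flow:established,to_server; http.host; content:"%s"; '
        'http.uri; content:"%s"; startswith; '
        'classtype:trojan-activity; sid:%d; rev:1;)'
        % (host, host, config["url_path"], sid)
    )


if __name__ == "__main__":
    found = match_c2(SAMPLE_LOG, STEALC_C2)
    for kind, rec in found:
        print(kind, rec["src"], rec["method"], rec["path"])
    print(gate_clients(found))
    print(suricata_rule(STEALC_C2))
```

On the constructed lines the two requests from 10.0.0.15 to the gate path score as "gate", while the port-8080 request and the bare request to the IP score only as "host"; the rule keys on the Host header plus the URI prefix, so it survives a change of HTTP method but not a move of the gate to a new path.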
Targets

Target: 31bf976b4eb86c21486d676156ea91b21f95b7bf024dd9731f81e3f70992aa81
Signatures

- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's register context (typically a thread of a process created suspended) is how process hollowing and thread hijacking redirect execution into injected code.
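Added example, not the sandbox's own signature code: a Python re-derivation of four of the behavioural signatures above from a constructed API trace. The trace format, the API names and argument keys, the wallet path list and the exact trigger conditions are assumptions; in particular the SetThreadContext rule here demands the full create-suspended, write, set-context chain of process hollowing, whereas the sandbox's rule may fire more broadly.

```python
"""Re-derive four of the report's behavioural signatures from an API trace.

Added example; not the sandbox's signature code. The trace format is a
constructed, simplified one: each event is {"pid", "api", "args"}. Which API
names and argument keys a real sandbox emits, and the exact trigger conditions
of its rules, are assumptions here.
"""
import re

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit

# Registry paths behind two of the report's signatures.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall$", re.I)
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW"}

# Wallet locations for the "cryptocurrency files/wallets" signature;
# illustrative, not the sandbox's list.
WALLET_PATHS = re.compile(r"(\\wallet\.dat$|\\Electrum\\wallets\\|\\Exodus\\)", re.I)
FILE_APIS = {"CreateFileW", "FindFirstFileW"}

# Constructed trace (not from the report): pid 1001 runs the geofence and
# software checks, opens a wallet file, then hollows a suspended child 2002.
# pid 3003 calls SetThreadContext on its own thread and must not be flagged.
TRACE = [
    {"pid": 1001, "api": "RegOpenKeyExW", "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}},
    {"pid": 1001, "api": "RegQueryValueExW", "args": {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"}},
    {"pid": 1001, "api": "RegOpenKeyExW", "args": {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"pid": 1001, "api": "RegEnumKeyExW", "args": {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0}},
    {"pid": 1001, "api": "CreateFileW", "args": {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"}},
    {"pid": 1001, "api": "CreateProcessW", "args": {"image": "host.exe", "flags": CREATE_SUSPENDED, "child_pid": 2002}},
    {"pid": 1001, "api": "WriteProcessMemory", "args": {"target_pid": 2002, "size": 0x5000}},
    {"pid": 1001, "api": "SetThreadContext", "args": {"target_pid": 2002, "tid": 2003}},
    {"pid": 1001, "api": "ResumeThread", "args": {"target_pid": 2002, "tid": 2003}},
    {"pid": 3003, "api": "SetThreadContext", "args": {"target_pid": 3003, "tid": 3004}},
]


def registry_hits(trace, pattern):
    """Registry events whose key path matches the pattern."""
    return [ev for ev in trace if ev["api"] in REGISTRY_APIS and pattern.search(ev["args"].get("key", ""))]


def checks_location(trace):
    """The Geo key's Nation value is the user's configured country; touching
    it with no other locale work is the usual geofence tell."""
    return bool(registry_hits(trace, GEO_KEY))


def enumerates_software(trace):
    """Enumerating subkeys of the Uninstall key lists installed programs; the
    Wow6432Node variant ends in the same suffix and matches too."""
    return any(ev["api"] == "RegEnumKeyExW" for ev in registry_hits(trace, UNINSTALL_KEY))


def touches_wallets(trace):
    """File events on known wallet locations."""
    return [ev for ev in trace if ev["api"] in FILE_APIS and WALLET_PATHS.search(ev["args"].get("path", ""))]


def hollowing_setthreadcontext(trace):
    """SetThreadContext on a thread of a child that the caller created
    suspended and wrote into: the process-hollowing sequence. A broad rule
    would flag any cross-process SetThreadContext; this one demands the full
    create/write/set-context chain so that a hit names the technique."""
    suspended = {}   # child pid -> creator pid
    written = set()  # (writer pid, target pid)
    hits = []
    for ev in trace:
        a = ev["args"]
        if ev["api"] == "CreateProcessW" and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended[a["child_pid"]] = ev["pid"]
        elif ev["api"] == "WriteProcessMemory":
            written.add((ev["pid"], a["target_pid"]))
        elif ev["api"] == "SetThreadContext":
            target = a["target_pid"]
            if target != ev["pid"] and suspended.get(target) == ev["pid"] and (ev["pid"], target) in written:
                hits.append((ev["pid"], target, a["tid"]))
    return hits


def signatures(trace):
    """Map the report's signature names to what this trace supports."""
    return {
        "Checks computer location settings": checks_location(trace),
        "Checks installed software on the system": enumerates_software(trace),
        "Accesses cryptocurrency files/wallets": bool(touches_wallets(trace)),
        "Suspicious use of SetThreadContext": bool(hollowing_setthreadcontext(trace)),
    }


if __name__ == "__main__":
    for name, fired in signatures(TRACE).items():
        print(("[+] " if fired else "[ ] ") + name)
    print(hollowing_setthreadcontext(TRACE))
```

On the constructed trace all four signatures fire for pid 1001 and the hollowing check reports the (caller, child, thread) triple (1001, 2002, 2003), while the self-targeted SetThreadContext from pid 3003 stays quiet; registry reads are not something Sysmon records, so a check like this belongs on a sandbox or EDR API trace rather than on event logs.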