General

Target: d4974e7ebe68940a377c047f30095e402770e225f30aa72fee5330d39781f4ea
Size: 357KB
Sample: 240430-ababnsec78
MD5: 42b8298151b4469fc0b1f50d6f40c634
SHA1: 5b3f5fe3a3be334775458a25959b6f179f3abf0c
SHA256: d4974e7ebe68940a377c047f30095e402770e225f30aa72fee5330d39781f4ea
SHA512: 728ba82f79fc44054de045417ae990d52663aae34e4beac3f9717fc6b9187cb5722ed3442791d1176426f20fc2f174fd6fe89f23f90d0305b6a953b86fe2d166
SSDEEP: 6144:C1lNMgxBrplOypd3pj4IvhGkcnokcjh+QyrmqVnUWHBNBW2dGjV5Jl:gNMgbplOq3eysDcjUrBV7doJl
Static task: static1
Behavioral task: behavioral1
Sample: d4974e7ebe68940a377c047f30095e402770e225f30aa72fee5330d39781f4ea.exe
Resource: win10v2004-20240419-en
Malware Config

Extracted: stealc
  http://185.172.128.150
  url_path: /c698e1bc8a2f5e6d.php
Targets
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext