General
Target: de3c10b71100b4579358589b88f4bfb336b1ec050a8fc1c8caad7814d31f7c1f
Size: 357KB
Sample: 240430-aed42aeh5s
MD5: 60b7c0f1de74ec652eb9139d354d5c90
SHA1: dc1048d25ce34d683481cc9662418fbfea6d1d96
SHA256: de3c10b71100b4579358589b88f4bfb336b1ec050a8fc1c8caad7814d31f7c1f
SHA512: 14017c5cdc04b5179709ef8b7a0e35cf27fbbedbc63e81f45453f2685c4429e160c4a9838551edade1f8cc9b58e3ff62967fe978ebf27957fab3a4f9f98988c9
SSDEEP: 6144:C1lNMgxBrplOypd3pj4IvhGkcnokcjh+QyrmqVnUWHBNBW2dGjV5Jv:gNMgbplOq3eysDcjUrBV7doJv
Static task: static1
Behavioral task: behavioral1
Sample: de3c10b71100b4579358589b88f4bfb336b1ec050a8fc1c8caad7814d31f7c1f.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
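The extracted config gives two network IOCs: the C2 host and the gate path. The following is an added example written for this page, not code from the sandbox or from the report, that matches those two values against web-proxy log lines. The log layout (`<timestamp> <client ip> <method> <url> <status>`) and the sample lines are constructed for illustration; the decision to ignore a non-default port and the query string when matching is a design choice of this example, not something the report states.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# IOCs taken from the extracted Stealc config above.
C2_HOST = "185.172.128.150"
C2_URL_PATH = "/c698e1bc8a2f5e6d.php"

# Constructed sample proxy log; the field layout is an assumption:
# <timestamp> <client ip> <method> <url> <status>
SAMPLE_LOG = """\
2024-04-30T10:01:02Z 10.0.0.12 GET http://example.com/index.html 200
2024-04-30T10:01:05Z 10.0.0.12 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-04-30T10:01:06Z 10.0.0.15 POST http://185.172.128.150/other.php 404
2024-04-30T10:01:09Z 10.0.0.12 GET http://185.172.128.150:8080/c698e1bc8a2f5e6d.php?x=1 200
2024-04-30T10:02:00Z 10.0.0.20 GET http://1851721281500.example/c698e1bc8a2f5e6d.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify(url: str) -> Optional[str]:
    """Classify one URL against the C2 IOCs.

    Returns "c2-checkin" when host and path both match, "c2-host" when only
    the host matches (same infrastructure, unknown path), None otherwise.
    urlsplit().hostname drops any port and lowercases, and .path excludes the
    query string, so ":8080" or "?x=1" cannot break the match.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2-checkin" if parts.path == C2_URL_PATH else "c2-host"


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (client, verdict, url) for every line that touches the C2."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        verdict = classify(m["url"])
        if verdict is not None:
            hits.append((m["client"], verdict, m["url"]))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan(SAMPLE_LOG):
        print(client, verdict, url)
```

Matching on the parsed host rather than on the raw string is what keeps the last sample line (a look-alike hostname that merely contains the digits of the IP) out of the hits, and the host-only verdict is worth keeping as a lower-confidence signal because the same server can be reused with a different gate path.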
Targets
Target: de3c10b71100b4579358589b88f4bfb336b1ec050a8fc1c8caad7814d31f7c1f
Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
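Two of the signatures above describe registry behaviour that can be re-detected from host telemetry: the country-code lookup and the walk of the Uninstall key. The example below is added here (it is not the report's or the sandbox's code) and runs that detection logic over constructed registry-access events. Assumptions, stated here and in the code: the event layout `<pid> <image> <op> <key>`, the `HKCU\Control Panel\International\Geo` key as the location lookup (the report does not name the key it observed), and a threshold of five distinct Uninstall subkeys to separate an enumeration from an installer touching its own entry.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Assumed key behind "Checks computer location settings": the per-user GeoID
# under HKCU\Control Panel\International\Geo (the report does not name the key).
GEO_KEY_RE = re.compile(r"^hkcu\\control panel\\international\\geo\\", re.IGNORECASE)

# Uninstall hive on 64-bit Windows, plus the WOW6432Node view for 32-bit software.
# Group 1 captures the product subkey so distinct entries can be counted.
UNINSTALL_RE = re.compile(
    r"^hklm\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Threshold (assumption): an installer touches its own subkey, an enumerating
# stealer walks many of them.
ENUM_THRESHOLD = 5

# Constructed registry-access events, one per line: <pid> <image> <op> <key>
SAMPLE_EVENTS = "\n".join([
    r"1234 C:\Users\u\sample.exe QueryValue HKCU\Control Panel\International\Geo\Nation",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0001}",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0002}",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0003}",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0004}",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0005}",
    r"1234 C:\Users\u\sample.exe OpenKey HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0005}",
    r"5678 C:\Program Files\Vendor\setup.exe OpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{VENDOR}",
    r"5678 C:\Program Files\Vendor\setup.exe SetValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{VENDOR}\DisplayName",
])

# Image paths may contain spaces, so the image group is lazy and the key is
# anchored on the hive prefix that follows the operation name.
EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<image>.+?) (?P<op>\w+) (?P<key>HK.+)$")


def analyze(events_text: str) -> Dict[int, Dict[str, object]]:
    """Aggregate events per process and apply both signatures."""
    images: Dict[int, str] = {}
    geo_seen: Set[int] = set()
    uninstall_keys: Dict[int, Set[str]] = defaultdict(set)

    for line in events_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        pid = int(m["pid"])
        images[pid] = m["image"]
        key = m["key"]
        if GEO_KEY_RE.match(key):
            geo_seen.add(pid)
        um = UNINSTALL_RE.match(key)
        if um:
            # lower-case so the same product seen twice counts once
            uninstall_keys[pid].add(um.group(1).lower())

    findings: Dict[int, Dict[str, object]] = {}
    for pid, image in images.items():
        verdicts: List[str] = []
        if pid in geo_seen:
            verdicts.append("checks-computer-location")
        if len(uninstall_keys[pid]) >= ENUM_THRESHOLD:
            verdicts.append("enumerates-installed-software")
        findings[pid] = {
            "image": image,
            "uninstall_subkeys": len(uninstall_keys[pid]),
            "verdicts": verdicts,
        }
    return findings


if __name__ == "__main__":
    for pid, info in analyze(SAMPLE_EVENTS).items():
        print(pid, info["image"], info["uninstall_subkeys"], info["verdicts"])
```

Counting distinct subkeys per process, across both the native and the WOW6432Node view, is what separates the sample (five different product entries) from the installer that only reads and writes its own entry; a single-key read of the geo value is enough on its own because legitimate software rarely consults it.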