General
- Target: 9978192a35690f80313bb98b6ee7d7913ade16fee00b6948ffc1a75cdae1dea6.exe
- Size: 347KB
- Sample: 240430-b23atahb4y
- MD5: 27b2273a6cd415e6c1b0800ea62fe86e
- SHA1: 73a818b7c7bcb674d0e34e5b563c8028e357b280
- SHA256: 9978192a35690f80313bb98b6ee7d7913ade16fee00b6948ffc1a75cdae1dea6
- SHA512: 9fd65b7cd69ac0bdd1a11972a2d307188515848bddcb3f2fc2f02e4706abe72b177c4c560eab147cbc152254caaf5f9389f70b0b2fc7c86950e57cb9682853f1
- SSDEEP: 6144:hGNRPF5bRarCh+as9IGq4Bnz86C90O0zS9Hfq1VxcpbJSlKXBESyflY:oDYCYaSIf4S6g0O0Cy1qAldSAlY
Static task: static1
Behavioral task: behavioral1
- Sample: 9978192a35690f80313bb98b6ee7d7913ade16fee00b6948ffc1a75cdae1dea6.exe
- Resource: win7-20240221-en

Malware Config
Extracted
- stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: 9978192a35690f80313bb98b6ee7d7913ade16fee00b6948ffc1a75cdae1dea6.exe
- Size: 347KB
- MD5: 27b2273a6cd415e6c1b0800ea62fe86e
- SHA1: 73a818b7c7bcb674d0e34e5b563c8028e357b280
- SHA256: 9978192a35690f80313bb98b6ee7d7913ade16fee00b6948ffc1a75cdae1dea6
- SHA512: 9fd65b7cd69ac0bdd1a11972a2d307188515848bddcb3f2fc2f02e4706abe72b177c4c560eab147cbc152254caaf5f9389f70b0b2fc7c86950e57cb9682853f1
- SSDEEP: 6144:hGNRPF5bRarCh+as9IGq4Bnz86C90O0zS9Hfq1VxcpbJSlKXBESyflY:oDYCYaSIf4S6g0O0Cy1qAldSAlY

- Detect ZGRat V1
- SectopRAT payload
- Detects binaries embedding a considerable number of MFA browser extension IDs.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext