General

Target: a96b7f18c9a9c703893185f244df0e6d482e8b7182e4268c607be387acc0e2e1.exe
Size: 347KB
Sample: 240430-b57dyahc5x
MD5: 331ed8ae289ce0f120f7b6232bdddd35
SHA1: 72eb7bb215763e4d22ff5b33464745857b4259bc
SHA256: a96b7f18c9a9c703893185f244df0e6d482e8b7182e4268c607be387acc0e2e1
SHA512: a1b240ff81b49424753c90663a9728268bfbaa2781a7a9d2293f72af9cba03132704f718cdb8e1183398230d2ab25e39a3c66728e091d00bc91e3d199682b8c0
SSDEEP: 6144:hGNRPF5bRarCh+as9IGq4Bnz86C90O0zS9Hfq1VxcpbJSlKXBESyflf:oDYCYaSIf4S6g0O0Cy1qAldSAlf
Static task: static1

Behavioral task: behavioral1
  Sample: a96b7f18c9a9c703893185f244df0e6d482e8b7182e4268c607be387acc0e2e1.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: a96b7f18c9a9c703893185f244df0e6d482e8b7182e4268c607be387acc0e2e1.exe
  Resource: win10v2004-20240419-en
Malware Config

Extracted: stealc
  http://185.172.128.150
  url_path: /c698e1bc8a2f5e6d.php
Targets

Target: a96b7f18c9a9c703893185f244df0e6d482e8b7182e4268c607be387acc0e2e1.exe
- Detect ZGRat V1
- SectopRAT payload
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext