General
Target: ba4741c0e081d02a63e4646049a64aef.bin
Size: 332KB
Sample: 240430-b76kesgg93
MD5: 71f850f013c55992d62c805b8c28135f
SHA1: ea429981f1e3547f28a4e861bd0c8dd137c3b2cc
SHA256: 8e7523f0afbd1ee15712b07ed674b4401b097508a216be4a6980e7f14789bece
SHA512: f31d54d7caef3315c0f3a2ca3a7dea71c044508b102c296bdfbf9b7e28e81b8103c0fad4f7d711e17ed37474d3b57022dc44731b4e9037e7a60b190380c5f88b
SSDEEP: 6144:b7ip2//HjTGy0yv0r1qaG1zUWRYrdBFuD6eaMFlU/reEmEQkjl8vTaFPQPpw+SNZ:b+YDTAyv0r1qalOyweeormKjlG0gQNAw

Static task
static1

Behavioral task
behavioral1
Sample: 2e19bc44d1c2c70d9de95546e406da87e217304fbb530ff2fd14fc221ec4b025.exe
Resource: win7-20240220-en

Behavioral task
behavioral2
Sample: 2e19bc44d1c2c70d9de95546e406da87e217304fbb530ff2fd14fc221ec4b025.exe
Resource: win10v2004-20240419-en

Malware Config
Extracted
Family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php

Targets
Target: 2e19bc44d1c2c70d9de95546e406da87e217304fbb530ff2fd14fc221ec4b025.exe
Size: 451KB
MD5: ba4741c0e081d02a63e4646049a64aef
SHA1: 13e2a8ef046f22bbdcbfb0d4ef3dd2ab7350636f
SHA256: 2e19bc44d1c2c70d9de95546e406da87e217304fbb530ff2fd14fc221ec4b025
SHA512: 938cd0381948b2256582b7fbabff3cd4379dae3b50c50801e9aca91e62306fdeb8ba46edeca60ae8f82e7156ac48f42a485d94b8204645e5bc683a5c483ef8a9
SSDEEP: 6144:EbizKU6CpA9+9+HDs15JInfn07l7Ro9+mdb7nrAUYj9To2BwMt2jBse7NUt:EbMKUHmcQs7Po9+esUYjq2SUUTBUt

Signatures
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext