General
Target: b28f219f6d0565e091f5b45137f970f4e9a69cbb6cb4d635e609a6b53ec25aa9.exe
Size: 347KB
Sample: 240430-b8d7kahd4x
MD5: e94dbcf6726c38bdc0b82e7610bd7f63
SHA1: bee941f836c943a6090246d1e26f8a1eb38d4e43
SHA256: b28f219f6d0565e091f5b45137f970f4e9a69cbb6cb4d635e609a6b53ec25aa9
SHA512: 1b057193ed17650b2c8bc35e0448e55e646cf578473686c2edb2e87d835af5beb3dec4d8d2cf11a5dcf5cf1df71541a1c1be7101d1494b8325a01194ea8efcf0
SSDEEP: 6144:hGNRPF5bRarCh+as9IGq4Bnz86C90O0zS9Hfq1VxcpbJSlKXBESyfla:oDYCYaSIf4S6g0O0Cy1qAldSAla
Static task: static1
Behavioral task: behavioral1
Sample: b28f219f6d0565e091f5b45137f970f4e9a69cbb6cb4d635e609a6b53ec25aa9.exe
Resource: win7-20240221-en
Malware Config
Extracted family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
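As an added example (not part of the sandbox report), the extracted config and hashes above turned into a small IOC matcher in Python. The proxy log lines it scans are constructed; the generic "16 hex characters + .php" gate pattern is an assumption used as a weaker heuristic beyond the exact url_path the report gives, and a path-only match on an unrelated host is deliberately not flagged:

```python
"""IOC matcher for the Stealc sample in this report (added example, not part
of the sandbox output). Checks hash observations against the report's hashes
and scans web-proxy log lines for the extracted C2 host and url_path.
The log lines and the '/<16 hex>.php' gate heuristic are assumptions."""
import re
from urllib.parse import urlparse

# Hashes copied from the report.
IOC_HASHES = {
    "md5": "e94dbcf6726c38bdc0b82e7610bd7f63",
    "sha1": "bee941f836c943a6090246d1e26f8a1eb38d4e43",
    "sha256": "b28f219f6d0565e091f5b45137f970f4e9a69cbb6cb4d635e609a6b53ec25aa9",
}
# Extracted config copied from the report.
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"
# Assumption (not from the report): treat any 16-hex-char .php path on the C2
# host as the same gate pattern, so a rotated path still yields a weaker hit.
GATE_RE = re.compile(r"^/[0-9a-f]{16}\.php$")

# Constructed proxy log lines: "<ts> <client_ip> <method> <url> <status>".
SAMPLE_LOG = """\
2024-04-30T09:12:01Z 10.0.0.23 GET http://example.com/index.html 200
2024-04-30T09:12:07Z 10.0.0.23 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200
2024-04-30T09:12:09Z 10.0.0.23 POST http://185.172.128.150/0123456789abcdef.php 200
2024-04-30T09:12:11Z 10.0.0.42 GET http://185.172.128.150/ 404
2024-04-30T09:13:00Z 10.0.0.42 GET http://cdn.example.net/c698e1bc8a2f5e6d.php 200
"""


def hash_hit(algo, digest):
    """True if an (algorithm, digest) observation matches the report's hashes.
    Case-insensitive; surrounding whitespace is ignored."""
    return IOC_HASHES.get(algo.lower()) == digest.strip().lower()


def classify_url(url):
    """Return a reason string if the URL matches the C2 indicators, else None.
    Strongest to weakest: exact host+path, host+gate pattern, host only."""
    p = urlparse(url)
    host = p.hostname or ""
    path = p.path or "/"
    if host != C2_HOST:
        return None  # same filename on another host is not evidence by itself
    if path == C2_PATH:
        return "c2_exact"
    if GATE_RE.match(path):
        return "c2_host_gate_pattern"  # heuristic, see assumption above
    return "c2_host"


def scan_log(text):
    """Parse proxy log lines and return (line_no, client_ip, reason) hits."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip rather than crash the scan
        _ts, client, _method, url, _status = parts
        reason = classify_url(url)
        if reason:
            hits.append((n, client, reason))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The host-only hit is kept separate from the exact match so an analyst can weigh it: an IP can be reassigned after the sample was collected, whereas host plus the extracted gate path is strong evidence of this configuration talking to its C2.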
Targets
Target: b28f219f6d0565e091f5b45137f970f4e9a69cbb6cb4d635e609a6b53ec25aa9.exe (347KB; hashes as listed under General above)
Signatures
- Detect ZGRat V1
- SectopRAT payload
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext