General
Target: ca3fdca32778040dd55de919f29e997c.bin
Size: 332KB
Sample: 240430-b8jr2sgh27
MD5: 4a7fe64ada0d80d67b2c339872462b49
SHA1: 8477c4fbf323c3d4b893360adc53eb5afe706003
SHA256: 63073d56bc9600bf17c63a94d717c410b55a7b4901b2178710867aae0ca3fe7f
SHA512: 64d63d881c875de80f7030623a85c9ace624961937063d30c0ae5411dc630d75e0e2e9b8a37a4218036daf97bd72e60da7d88ada35c6c16e61da6f598dc70cd2
SSDEEP: 6144:GyTKwEq0IDVRAag2RlTZzaIwWE4Bn8pfMrxr9cuTWK9LPuwzVxth:GI+Vgn22R1xbES80rxrZTWKL2Exz
Static task: static1
Behavioral task: behavioral1
Sample: 412242dc8dd566b6062d501a952253e2a4ef130e646f308e60da4eef123b09dd.exe
Resource: win7-20240221-en
Malware Config
Extracted family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
(The C2 host is a bare IP with no hostname, and the gate is the php path above; block or alert on the host and path together, since the host alone may be shared infrastructure.)
Targets
Target: 412242dc8dd566b6062d501a952253e2a4ef130e646f308e60da4eef123b09dd.exe
Size: 451KB
MD5: ca3fdca32778040dd55de919f29e997c
SHA1: 7d736e3b6f84d72af135e300a3ec4af4d6951b0b
SHA256: 412242dc8dd566b6062d501a952253e2a4ef130e646f308e60da4eef123b09dd
SHA512: d91e13cc49afe5846c997cfa9808e46a6b1ec203a9a8345cd6f663b3327ed25511022b7285b39f5e390bc4a0874685a5e71496e5751b802e87a0e494e7ff2a61
SSDEEP: 6144:EbizKU6CpA9+9+HDs15JInfn07l7Ro9+mdb7nrAUYj9To2BwMt2jBse7NUo:EbMKUHmcQs7Po9+esUYjq2SUUTBUo
Note: the file name of the first target (ca3fdca32778040dd55de919f29e997c.bin) is this .exe's MD5, but the .bin (332KB) and the .exe (451KB) have different digests, so the two hash sets are separate indicators and both should be kept.
Signatures:
- Detect ZGRat V1
- SectopRAT payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry (Windows stores it under HKCU\Control Panel\International\Geo), likely a geofence check used to avoid running in certain countries.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets: possible credential harvesting, consistent with the stealc configuration extracted above.
- Checks installed software on the system: enumerates Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list installed software.
- Suspicious use of SetThreadContext: this API is used by injection techniques such as process hollowing and thread hijacking to redirect a thread into injected code; together with the dropped EXE/DLL execution it points to a loader stage rather than a single self-contained payload.
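As an added example, not part of the sandbox report, here is a Python IOC sweep that turns the report's indicators into checks: it matches a file's digests against both hash sets (the .bin and the .exe) and scans proxy log lines for the extracted stealc C2, distinguishing the exact gate path from other traffic to the same IP. The proxy log format and the sample log lines are constructed for the example; only the hashes, host and path come from the report.

```python
"""IOC sweep for the stealc sample in the report above.

Added example, not part of the sandbox report. The proxy log format and
the sample log lines are constructed; the indicators are copied from the report.
"""
import hashlib
import re
from typing import Optional
from urllib.parse import urlparse

# Digests from the report. The .bin and the .exe hash differently, so both sets are kept.
IOC_DIGESTS = {
    "md5": {
        "4a7fe64ada0d80d67b2c339872462b49",  # ca3fdca32778040dd55de919f29e997c.bin
        "ca3fdca32778040dd55de919f29e997c",  # 412242dc...b09dd.exe
    },
    "sha1": {
        "8477c4fbf323c3d4b893360adc53eb5afe706003",
        "7d736e3b6f84d72af135e300a3ec4af4d6951b0b",
    },
    "sha256": {
        "63073d56bc9600bf17c63a94d717c410b55a7b4901b2178710867aae0ca3fe7f",
        "412242dc8dd566b6062d501a952253e2a4ef130e646f308e60da4eef123b09dd",
    },
}
# Extracted stealc configuration from the report.
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"


def digest_bytes(data: bytes) -> dict:
    """Compute md5/sha1/sha256 of a file's bytes (the algorithms the IOC set covers)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_DIGESTS}


def match_digests(digests: dict) -> set:
    """Return the algorithm names whose digest is in the IOC set (case-insensitive)."""
    return {algo for algo, value in digests.items()
            if value.lower() in IOC_DIGESTS.get(algo, set())}


def match_file(data: bytes) -> set:
    """Hash raw file bytes and report which IOC digests they match."""
    return match_digests(digest_bytes(data))


# Constructed proxy log format (assumption): "<timestamp> <client> <method> <url> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def classify_url(url: str) -> Optional[str]:
    """'checkin' for the exact C2 gate, 'host' for any other request to the C2 IP, else None.

    urlparse().hostname strips scheme and port, so http://185.172.128.150:8080/... still matches.
    """
    parsed = urlparse(url)
    if parsed.hostname != C2_HOST:
        return None
    return "checkin" if parsed.path == C2_PATH else "host"


def scan_proxy_log(lines) -> list:
    """Return one hit per log line that talks to the C2, with line number and verdict."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than miss the parsable ones
        verdict = classify_url(m["url"])
        if verdict:
            hits.append({"line": number, "client": m["client"], "method": m["method"],
                         "url": m["url"], "verdict": verdict})
    return hits


# Constructed sample log: one check-in to the gate, one other request to the C2 IP,
# one benign request, one malformed line.
SAMPLE_LOG = [
    "2024-04-30T08:12:01Z 10.0.0.17 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200",
    "2024-04-30T08:12:03Z 10.0.0.17 GET http://185.172.128.150/ 404",
    "2024-04-30T08:12:05Z 10.0.0.22 GET https://www.example.com/ 200",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

A `checkin` verdict (host and gate path together) is the high-confidence indicator; a `host` verdict alone deserves a look but the IP may be shared hosting, which is why the two are reported separately.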