General

Target: ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3.exe
Size: 347KB
Sample: 240430-b9n36agh59
MD5: 3c109429a3493bc05790599410d9814d
SHA1: 57b26558cc726c22ee9d7ffaa69cb2752c1b47a2
SHA256: ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3
SHA512: 4c8fdbf68acc89834991706cf27083796af6beb5b3023757c046894b6fe28c3d299786734a7774717e82c3a685939da5896ef3faf2898be08951e5308c6b938d
SSDEEP: 6144:qQnVK4NKrO3Eg2ASnfP10KVEI9iBmxf4AUkF10KobAMGuRcEEI7lpg2QFV:+4NKh1RnfP1bVH9iB+PUkF10BhGuRNED

Static task: static1
Behavioral task: behavioral1
Sample: ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3.exe
Resource: win7-20231129-en
Malware Config

Extracted
Family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Full C2 URL (host joined with url_path): http://185.172.128.150/c698e1bc8a2f5e6d.php
Targets

Target: ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3.exe
Size: 347KB
Signatures

- Detect ZGRat V1
- SectopRAT payload
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext

Note: the extracted config is Stealc, while the static rules that fired name ZGRat V1 and SectopRAT, and the behavioural hits include downloading a PE, executing a dropped EXE and SetThreadContext (a common process-injection indicator). Treat the one C2 above as one indicator from a possibly multi-stage chain, not as the complete network footprint.
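The report above is a flat key/value dump, and the first thing an analyst does with it is turn it into indicators they can push to a blocklist or a hunt. The script below is an added example, not code from the report page or from the sandbox vendor: it parses a constructed, shortened copy of this report's own dump (same fields, same "-" bullet markers), validates that every hash field is well-formed hex of the expected length (a cheap guard against truncated copy/paste), and derives the Stealc C2 URL. The grouping of lines on the "-" markers and the assumption that the Stealc endpoint is the C2 host joined with url_path are mine.

```python
"""Parse a Triage-style plain-text sandbox report into structured IOCs.
Added example, not part of the original report page. REPORT is a constructed,
shortened copy of the page's own key/value dump (same fields, same "-" bullet
markers); assumptions that are mine: grouping lines on the "-" markers and
that the Stealc C2 endpoint is the host joined with url_path."""
import re

REPORT = """\
General
-
Target
ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3.exe
-
MD5
3c109429a3493bc05790599410d9814d
-
SHA1
57b26558cc726c22ee9d7ffaa69cb2752c1b47a2
-
SHA256
ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3
-
SHA512
4c8fdbf68acc89834991706cf27083796af6beb5b3023757c046894b6fe28c3d299786734a7774717e82c3a685939da5896ef3faf2898be08951e5308c6b938d
-
SSDEEP
6144:qQnVK4NKrO3Eg2ASnfP10KVEI9iBmxf4AUkF10KobAMGuRcEEI7lpg2QFV:+4NKh1RnfP1bVH9iB+PUkF10BhGuRNED
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
Target
ba3c72316d10a01cd07680149cdcc960e607a4bbebadcefcc6eae803c258a5a3.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
"""

SECTIONS = {"General", "Malware Config", "Targets"}
KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP",
        "Static task", "Behavioral task", "Resource", "url_path"}
HASH_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

def _groups(text):
    """Split the dump on its '-' bullet markers into groups of non-empty lines."""
    group = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "-":
            if group:
                yield group
            group = []
        elif line:
            group.append(line)
    if group:
        yield group

def parse_report(text):
    """Return {'general', 'config', 'target', 'signatures'} from the key/value dump."""
    report = {"general": {}, "config": {}, "target": {}, "signatures": []}
    section = "General"
    for group in _groups(text):
        i = 0
        while i < len(group):
            line = group[i]
            if line in SECTIONS:
                section, i = line, i + 1
            elif line == "Extracted":  # Extracted / <family> / <c2 host>; url_path follows as a key
                report["config"]["family"], report["config"]["c2"] = group[i + 1], group[i + 2]
                i += 3
            elif line in KEYS:  # key on one line, value on the next
                bucket = {"Malware Config": "config", "Targets": "target"}.get(section, "general")
                report[bucket][line] = group[i + 1] if i + 1 < len(group) else ""
                i += 2
            elif section == "Targets":  # anything else under Targets: signature name + description
                report["signatures"].append({"name": line, "description": " ".join(group[i + 1:])})
                break
            else:
                i += 1
    return report

def check_hashes(meta):
    """Hash fields that are missing or not lowercase hex of the expected length."""
    return [n for n, ln in HASH_HEX_LEN.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % ln, meta.get(n, ""))]

def stealc_c2_url(config):
    """Assumed: the Stealc gate URL is the C2 host joined with url_path."""
    return config["c2"].rstrip("/") + "/" + config["url_path"].lstrip("/")
```

Running parse_report over the page's full dump works the same way; the only report-specific knowledge is the key list and the shape of the Extracted block, so a truncated hash or a missing url_path shows up as an empty check_hashes result or a KeyError rather than as a silently wrong indicator.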