General
-
Target
64cbe0c31f9cff7215653a5cb20276e3e7bea8f9d02e7a45b1202dd41e33ec66.exe
-
Size
347KB
-
Sample
240430-btlyvsgg3y
-
MD5
2aec21f2d3d862bce7ea8ec69e84a107
-
SHA1
d911e77badf927eb57d20a14ef6d898737ad2b58
-
SHA256
64cbe0c31f9cff7215653a5cb20276e3e7bea8f9d02e7a45b1202dd41e33ec66
-
SHA512
c446c286704b7027c919d359c4c627e30a7ecf56923df76184bf9c20505c565dfbdf0965e35f03abc26a581d3b01e18582e9d64e92cc4e32df0badbb94ba4844
-
SSDEEP
6144:aGNJdD4C4xkIsmIqLoSj9hXc6+Bl7+sysO+ThbGlN50BdYjFqv:d5a+IsmhoSZG5lysynD50Hbv
Static task
static1
Behavioral task
behavioral1
Sample
64cbe0c31f9cff7215653a5cb20276e3e7bea8f9d02e7a45b1202dd41e33ec66.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
64cbe0c31f9cff7215653a5cb20276e3e7bea8f9d02e7a45b1202dd41e33ec66.exe
-
Size
347KB
-
MD5
2aec21f2d3d862bce7ea8ec69e84a107
-
SHA1
d911e77badf927eb57d20a14ef6d898737ad2b58
-
SHA256
64cbe0c31f9cff7215653a5cb20276e3e7bea8f9d02e7a45b1202dd41e33ec66
-
SHA512
c446c286704b7027c919d359c4c627e30a7ecf56923df76184bf9c20505c565dfbdf0965e35f03abc26a581d3b01e18582e9d64e92cc4e32df0badbb94ba4844
-
SSDEEP
6144:aGNJdD4C4xkIsmIqLoSj9hXc6+Bl7+sysO+ThbGlN50BdYjFqv:d5a+IsmhoSZG5lysynD50Hbv
-
Detect ZGRat V1
-
SectopRAT payload
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects encrypted or obfuscated .NET executables
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-