General
- Target: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659.exe
- Size: 348KB
- Sample: 240430-bxa1rsgh4z
- MD5: 12b99c7364914b58406fc6d3b6a4cf99
- SHA1: f331dfb6496c09a7db09649267cd0e53f3a1fd6e
- SHA256: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659
- SHA512: b6d0bf56725b372f1ee1f1298b99121291ed11093057af4a1a8ec4b2fb8f89382201f285ef7469f856c7ec79d9db126401911dc4a955bdcd2eaee78d39d4dae1
- SSDEEP: 6144:rduS03pdQbVg12jXuaGWkJ0Oey7lZr1asn3e5mV/9+D9f/a4ENTUh8d5a1o:ZoXQHy3WkH8sn3e5maa4MYo
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659.exe
  - Resource: win10v2004-20240419-en
Malware Config
Extracted
- stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659.exe
- Size: 348KB
- MD5: 12b99c7364914b58406fc6d3b6a4cf99
- SHA1: f331dfb6496c09a7db09649267cd0e53f3a1fd6e
- SHA256: 7a73a594c084542382bfdd764ca6b08941232397f35437b74782ae5b1fb42659
- SHA512: b6d0bf56725b372f1ee1f1298b99121291ed11093057af4a1a8ec4b2fb8f89382201f285ef7469f856c7ec79d9db126401911dc4a955bdcd2eaee78d39d4dae1
- SSDEEP: 6144:rduS03pdQbVg12jXuaGWkJ0Oey7lZr1asn3e5mV/9+D9f/a4ENTUh8d5a1o:ZoXQHy3WkH8sn3e5maa4MYo

Signatures
- Detect ZGRat V1
- SectopRAT payload
- Detect binaries embedding considerable number of MFA browser extension IDs.
- Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects encrypted or obfuscated .NET executables
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext