General
-
Target
f3499823ccca35d858ae2653142ded48.bin
-
Size
332KB
-
Sample
240430-cdc7fshb38
-
MD5
f08bf8009202a102a8183ac44b95ac58
-
SHA1
75998ec98eda44ceac560ef58c57e18c978005b7
-
SHA256
202fac821dc6809cfd6ff4b4a991065e9c84010a81068578c3f746d60ac55527
-
SHA512
148658ace3cd650f37bb2538dd455510a1a30e2d73632816be0e9eb274b9eb4fada97eca29436063129a65c6c2e052d76560eb25c747871312731b253595446d
-
SSDEEP
6144:LIib+vQhHrueagqrFAGLuzyKI11+1TdvKWxVMbHlPw+At7FBKFkLpU1/WTj:LJ+vQhHKlgqrmc/NP+LvKeVMbFPwLhFt
Static task
static1
Behavioral task
behavioral1
Sample
c22e7af2dbc1c8349559c3aa56a868d77541cab76a0fef74c248af97a1957d23.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c22e7af2dbc1c8349559c3aa56a868d77541cab76a0fef74c248af97a1957d23.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
c22e7af2dbc1c8349559c3aa56a868d77541cab76a0fef74c248af97a1957d23.exe
-
Size
451KB
-
MD5
f3499823ccca35d858ae2653142ded48
-
SHA1
86477f41bd8cb48a2cf7922cc89acdb3b7a4f58d
-
SHA256
c22e7af2dbc1c8349559c3aa56a868d77541cab76a0fef74c248af97a1957d23
-
SHA512
721a7b13d4d2fd85f267cf62840ca0e26c3b36f601dfce64731b96db0edd0b526535a0008449a4e7a44ba67ea097a69b147792393fb1581f55e380d63c22d68d
-
SSDEEP
6144:+0HYlMeYOX8mE94DowCxV0jZVqmnvi1UVX1Zbt2S0gjaUI:+04lMXmQ4LCxWjZji1U/rhaUI
-
Detect ZGRat V1
-
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-