General
-
Target
cf0f85fe664eed3229baaccf2fac487ba0cc3dd3599d59b55f759e342a855459
-
Size
399KB
-
Sample
240505-kmhgjafg89
-
MD5
ac69648ecafdb8995dfb2b39984a2b56
-
SHA1
1a248b4428f700a85433aba4dd7f63b16e208784
-
SHA256
cf0f85fe664eed3229baaccf2fac487ba0cc3dd3599d59b55f759e342a855459
-
SHA512
7252e894ecb93781e0832338f4704b02b3a586d78d83f905bb778c53232a0ee7fc1c72a2ab3b2a241656ac363a2c9bb449bb33872445a742b9d6bd40bec8ca5a
-
SSDEEP
6144:t5cRP0RY9yGmSTtwtdrh9tzQtegBxp/l5nDNSP0meoK6K:t5cRPL9vTivztzQtNxt5nDNS9VVK
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
cf0f85fe664eed3229baaccf2fac487ba0cc3dd3599d59b55f759e342a855459
-
Size
399KB
-
MD5
ac69648ecafdb8995dfb2b39984a2b56
-
SHA1
1a248b4428f700a85433aba4dd7f63b16e208784
-
SHA256
cf0f85fe664eed3229baaccf2fac487ba0cc3dd3599d59b55f759e342a855459
-
SHA512
7252e894ecb93781e0832338f4704b02b3a586d78d83f905bb778c53232a0ee7fc1c72a2ab3b2a241656ac363a2c9bb449bb33872445a742b9d6bd40bec8ca5a
-
SSDEEP
6144:t5cRP0RY9yGmSTtwtdrh9tzQtegBxp/l5nDNSP0meoK6K:t5cRPL9vTivztzQtNxt5nDNS9VVK
Score10/10-
Buer
Buer is a new modular loader first seen in August 2019.
-
Detect ZGRat V1
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-