General
- Target: 199df2bf03a19ca81e06c9be08d650c51aa24e2ec94be7b7e3f088d3e553fbe5
- Size: 398KB
- Sample: 240505-pvj3jsde23
- MD5: e4d35224a48d90c47948c1ae6d98d226
- SHA1: 804d0398bd59d10cea389beefdd6821fb08feaf4
- SHA256: 199df2bf03a19ca81e06c9be08d650c51aa24e2ec94be7b7e3f088d3e553fbe5
- SHA512: 74fd03b3a2d5c84ddbbb28065e30415831844524abf96f6d99ba9974d26d161e8795cb47422b9dec8320b4f6e84deec9ec1c1439747de9b4ab3183108fc109dc
- SSDEEP: 6144:WGuIeB32u0NksV1gwHG7zO4piTyDeDf0BRJFUydBc9qXGzRtKL4:OIeB3/0NkGSeGXO4Cye8BR3TfIqoA4
Static task: static1
Behavioral task: behavioral1
- Sample: 199df2bf03a19ca81e06c9be08d650c51aa24e2ec94be7b7e3f088d3e553fbe5.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Target: 199df2bf03a19ca81e06c9be08d650c51aa24e2ec94be7b7e3f088d3e553fbe5
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.