Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddea935c57dea3f914a2081e7ef38d7f089c937724857c4175298c42485ed751

  • Size

    450KB

  • Sample

    240506-3wnn1sha5s

  • MD5

    e12bbef933d048bdd6fc12428211ac18

  • SHA1

    98fb417f4956155ce56843d7db0ea4aeb59b8c0e

  • SHA256

    ddea935c57dea3f914a2081e7ef38d7f089c937724857c4175298c42485ed751

  • SHA512

    822a192df6eb608f1152d28392e7edec9a5ad733e36fd3266fb8e88215cdf171374d7025d264215c6d706a17ade769f85b0fb9596dd7b750a99ed2add762ec9f

  • SSDEEP

    12288:LG2lUG0NVvKXW/WqwO0YSTPZSeSnnKPkDa:LgVvoU9fsPUeSKPkDa

Score
10/10
stealczgratdiscoveryratspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      ddea935c57dea3f914a2081e7ef38d7f089c937724857c4175298c42485ed751

    • Size

      450KB

    • MD5

      e12bbef933d048bdd6fc12428211ac18

    • SHA1

      98fb417f4956155ce56843d7db0ea4aeb59b8c0e

    • SHA256

      ddea935c57dea3f914a2081e7ef38d7f089c937724857c4175298c42485ed751

    • SHA512

      822a192df6eb608f1152d28392e7edec9a5ad733e36fd3266fb8e88215cdf171374d7025d264215c6d706a17ade769f85b0fb9596dd7b750a99ed2add762ec9f

    • SSDEEP

      12288:LG2lUG0NVvKXW/WqwO0YSTPZSeSnnKPkDa:LgVvoU9fsPUeSKPkDa

    Score
    10/10
    stealczgratdiscoveryratspywarestealer

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks