General
Target: bc27633cac9b7c7c5c5a81be2729a36f7bfd2ced530e46f0a0cfad714f284c44
Size: 416KB
Sample: 240506-p29xjsca9y
MD5: 938036d70426ce954b4d5f026ebb81d7
SHA1: 994d47f8879c6c72394fa9a701be0a9b41ee51a5
SHA256: bc27633cac9b7c7c5c5a81be2729a36f7bfd2ced530e46f0a0cfad714f284c44
SHA512: f475139bb22f835f7423fd7b06aede4fc7fd3c6c4227b9a4de0cc2e38d076db801b2f848ee490da435d1779e82b9a9b1ff05d783e0dead4f2e902067e6f0fd4c
SSDEEP: 6144:H/BZItaWG0e12qQ61HC7bIxM6Wp8ik/QAYiVA2XOxx0HNhBp7/nyaFotaZs:fBZI4WObXGIa6AA/eV+HNhLvCtcs
Static task: static1
Behavioral task: behavioral1
Sample: bc27633cac9b7c7c5c5a81be2729a36f7bfd2ced530e46f0a0cfad714f284c44.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: bc27633cac9b7c7c5c5a81be2729a36f7bfd2ced530e46f0a0cfad714f284c44
Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.