General
Target: c1ac740ae283a4561a2ea9ed54fb196bec8f0826f4bd891eddc745c14ba4a2df
Size: 415KB
Sample: 240506-zgyznaac8t
MD5: c4315873b2e8cf1c246cf64ffd03ba74
SHA1: 2f143be6cb7437d3d24acbeff301abdc97a77507
SHA256: c1ac740ae283a4561a2ea9ed54fb196bec8f0826f4bd891eddc745c14ba4a2df
SHA512: 932e83f671b42dfb8af7467541ff5320f2716b08dd0851ea436f780455888b8870d602f2eada7915aa1c732291a130e9b4237e4f4c2ec0d4cea2ce0a7e53f73c
SSDEEP: 6144:P50SXOdGHuDgJrhcqwNlpOE7oXLp3FkOfU49bCs7LrkA/:qSXOdvDIXY7O9X13FknszkA/
Static task: static1
Behavioral task: behavioral1
Sample: c1ac740ae283a4561a2ea9ed54fb196bec8f0826f4bd891eddc745c14ba4a2df.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: c1ac740ae283a4561a2ea9ed54fb196bec8f0826f4bd891eddc745c14ba4a2df
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.