Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb4473f66bba06f982a1466e67e65097f95476484a4a249f53fd4d17deaf9185

  • Size

    417KB

  • Sample

    240507-l26cksea97

  • MD5

    97681ae7a2c06351eb339e8311e9564e

  • SHA1

    e647e373ee4eb2c1f70395bf911fad2974d9420c

  • SHA256

    cb4473f66bba06f982a1466e67e65097f95476484a4a249f53fd4d17deaf9185

  • SHA512

    ad92c67b610a24477a647d0db4208ff1b264f6b342c7d6e2cd89f1f4b8f8e2a41fc6f783ac565b34b2125bd76bc7cd156e2e578fc17ef2732883034018d10279

  • SSDEEP

    12288:0H9S9mUikIgN8hRxsG207aR7FPDROmjLtNeoDK:0d7mkRH7MJbjL5K

Score
10/10
stealczgratdiscoveryratspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      cb4473f66bba06f982a1466e67e65097f95476484a4a249f53fd4d17deaf9185

    • Size

      417KB

    • MD5

      97681ae7a2c06351eb339e8311e9564e

    • SHA1

      e647e373ee4eb2c1f70395bf911fad2974d9420c

    • SHA256

      cb4473f66bba06f982a1466e67e65097f95476484a4a249f53fd4d17deaf9185

    • SHA512

      ad92c67b610a24477a647d0db4208ff1b264f6b342c7d6e2cd89f1f4b8f8e2a41fc6f783ac565b34b2125bd76bc7cd156e2e578fc17ef2732883034018d10279

    • SSDEEP

      12288:0H9S9mUikIgN8hRxsG207aR7FPDROmjLtNeoDK:0d7mkRH7MJbjL5K

    Score
    10/10
    stealczgratdiscoveryratspywarestealer

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks