General
-
Target
257a80b8b7009e7c93ae0549334f5879bcdb82f8bf0c592aee302f2aec76815f
-
Size
365KB
-
Sample
240508-3wkx5agh88
-
MD5
7ee08f879aa35adf10d1d6fe7b8a3748
-
SHA1
78c3dd7fa68f89e48f9bcd5f31b14be3a35c4edb
-
SHA256
257a80b8b7009e7c93ae0549334f5879bcdb82f8bf0c592aee302f2aec76815f
-
SHA512
d48815302a2d7ed70d33881508ce5e23e06500f78afeaa6c34d8d8d4cd48952ed66294659fcdfb36b15a40560553fa2726979d872505adb6613e7f515c023726
-
SSDEEP
6144:mfcBWeUkksvXwBbM4HxlzmJp2C5kbX1Z0DR7M1jTs5gYTmWK:mfcUeGzhHxNQKX1eDR7un0mWK
Static task
static1
Behavioral task
behavioral1
Sample
257a80b8b7009e7c93ae0549334f5879bcdb82f8bf0c592aee302f2aec76815f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-