General
-
Target
fac0899276ed3be648109e56b22d88ace7fc327b265aa999a7baecad46662f84
-
Size
367KB
-
Sample
240508-fnp6jseg23
-
MD5
f07c1ac2c2b19046e604ae0828dc48d6
-
SHA1
07f018494f5a591f2fe8495e5969a5d95e981da4
-
SHA256
fac0899276ed3be648109e56b22d88ace7fc327b265aa999a7baecad46662f84
-
SHA512
8b3c5195954ea823b80c988380ae8e7809350788f7e40fe8fda06bc79943301ebb45f4e38130d4d17f75b1b1b6de88ea3503f6eca364b1b81a8c41b9e1e9a04e
-
SSDEEP
6144:GM2eTWsqArSaDRacri00TwSZJtVXZZkJPHloB7DmGxHOs+V4iPTiBq:vbTbqAeMRFr2wU/VXZZkxOmAHOd4iiBq
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
fac0899276ed3be648109e56b22d88ace7fc327b265aa999a7baecad46662f84
-
Size
367KB
-
MD5
f07c1ac2c2b19046e604ae0828dc48d6
-
SHA1
07f018494f5a591f2fe8495e5969a5d95e981da4
-
SHA256
fac0899276ed3be648109e56b22d88ace7fc327b265aa999a7baecad46662f84
-
SHA512
8b3c5195954ea823b80c988380ae8e7809350788f7e40fe8fda06bc79943301ebb45f4e38130d4d17f75b1b1b6de88ea3503f6eca364b1b81a8c41b9e1e9a04e
-
SSDEEP
6144:GM2eTWsqArSaDRacri00TwSZJtVXZZkJPHloB7DmGxHOs+V4iPTiBq:vbTbqAeMRFr2wU/VXZZkxOmAHOd4iiBq
Score10/10-
Detect ZGRat V1
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-