General
Target: 70bf3086062e0c9a5bf377f265b84508f0fc9d649dd5bd051e3dc03bb965e156
Size: 368KB
Sample: 240508-l7twqsfc4s
MD5: ee4723d7425cae812e58ae3c6552fc56
SHA1: 14cd38e50cbf305e57461a7ddbeea622f7a075df
SHA256: 70bf3086062e0c9a5bf377f265b84508f0fc9d649dd5bd051e3dc03bb965e156
SHA512: 485f56b4362f5693fc9fb47340dfc9063994d630fc1d5fe90322409a17328a76df72ba8dbd412afac69c6d6bf6052b390c42181543726d488c0fa93f7a0a70c2
SSDEEP: 6144:FelyjzIpb2xE5BNqj+DYvjZask87WlizIwYYozY/TZ4tjM:YlyjzIpbyE6yDYFask87Oi9Z4tjM
Static task: static1
Behavioral task: behavioral1
Sample: 70bf3086062e0c9a5bf377f265b84508f0fc9d649dd5bd051e3dc03bb965e156.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-