General
-
Target
a369bc4afec47220b6b868d01f5a2c8064c2cbe26f373430cdf908c79e8c993a
-
Size
368KB
-
Sample
240508-lvc3fsef21
-
MD5
cc143dd32c69c02421ee8babefc58e71
-
SHA1
1710667f583a80b1c5fe1a1775ade91ef9945c14
-
SHA256
a369bc4afec47220b6b868d01f5a2c8064c2cbe26f373430cdf908c79e8c993a
-
SHA512
424e32a3431947eaf8d18b9aa475a280314403f70ce2579ec4c01009a42d6fc886048b079e1295fffbddd767eb070c6855edfc7df2213fab265911f24d50da31
-
SSDEEP
6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj4:DLsRxoscIeUMVCNX2Vw2lTpj4
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
a369bc4afec47220b6b868d01f5a2c8064c2cbe26f373430cdf908c79e8c993a
-
Size
368KB
-
MD5
cc143dd32c69c02421ee8babefc58e71
-
SHA1
1710667f583a80b1c5fe1a1775ade91ef9945c14
-
SHA256
a369bc4afec47220b6b868d01f5a2c8064c2cbe26f373430cdf908c79e8c993a
-
SHA512
424e32a3431947eaf8d18b9aa475a280314403f70ce2579ec4c01009a42d6fc886048b079e1295fffbddd767eb070c6855edfc7df2213fab265911f24d50da31
-
SSDEEP
6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj4:DLsRxoscIeUMVCNX2Vw2lTpj4
Score10/10-
Detect ZGRat V1
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-