stealc

General

Target

0969e4d489b5176bb42f73ff4e4049f3c973bb3ed9dc035057a0908b3b3bfb18
Size

368KB
Sample

240508-lwpgwaef8x
MD5

030dacc5b56d88447cba917df6e9f15a
SHA1

8ba1b9d0a0b9845b1a6f8a940fecea48254bf4cf
SHA256

0969e4d489b5176bb42f73ff4e4049f3c973bb3ed9dc035057a0908b3b3bfb18
SHA512

a9bdc4552c842d9689c295007e3f2c5a0c0a096d491ff916d7efc8549c8aa51ec572a1954d94164e2a926ddc476ac308b370004b1d2bf2a71cad660530ea26e8
SSDEEP

6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj/:DLsRxoscIeUMVCNX2Vw2lTpj/

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  0969e4d489b5176bb42f73ff4e4049f3c973bb3ed9dc035057a0908b3b3bfb18
- Size
  
  368KB
- MD5
  
  030dacc5b56d88447cba917df6e9f15a
- SHA1
  
  8ba1b9d0a0b9845b1a6f8a940fecea48254bf4cf
- SHA256
  
  0969e4d489b5176bb42f73ff4e4049f3c973bb3ed9dc035057a0908b3b3bfb18
- SHA512
  
  a9bdc4552c842d9689c295007e3f2c5a0c0a096d491ff916d7efc8549c8aa51ec572a1954d94164e2a926ddc476ac308b370004b1d2bf2a71cad660530ea26e8
- SSDEEP
  
  6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj/:DLsRxoscIeUMVCNX2Vw2lTpj/
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2