stealc

General

Target

d7e89d4cac804c00d7b0bf89d1c12b6b81a5099f73c2ff0dd3d96c445e8d7827
Size

368KB
Sample

240508-lx3e5aeg5s
MD5

eb971b22faa6d3caeb8ef394145716b2
SHA1

c178c4ec3778635af459cedf565b3c89be5130e8
SHA256

d7e89d4cac804c00d7b0bf89d1c12b6b81a5099f73c2ff0dd3d96c445e8d7827
SHA512

47459ce968e1ee1ca4c0f14a01e7f3388366de97182dae867097c6e0c053a63228f561e56597cb9f68f71b57445b277d9498c08fc3ec2d8beea96c452452fccf
SSDEEP

6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj8:DLsRxoscIeUMVCNX2Vw2lTpj8

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  d7e89d4cac804c00d7b0bf89d1c12b6b81a5099f73c2ff0dd3d96c445e8d7827
- Size
  
  368KB
- MD5
  
  eb971b22faa6d3caeb8ef394145716b2
- SHA1
  
  c178c4ec3778635af459cedf565b3c89be5130e8
- SHA256
  
  d7e89d4cac804c00d7b0bf89d1c12b6b81a5099f73c2ff0dd3d96c445e8d7827
- SHA512
  
  47459ce968e1ee1ca4c0f14a01e7f3388366de97182dae867097c6e0c053a63228f561e56597cb9f68f71b57445b277d9498c08fc3ec2d8beea96c452452fccf
- SSDEEP
  
  6144:mQLsPnj9HcQoscXDIkJUVmPdKTfVvvIFGg1w8c4lZNTpj8:DLsRxoscIeUMVCNX2Vw2lTpj8
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2