General
-
Target
eab5f89ba4c54258a18703ea021b8a6ae59d4d2fe919d462edd4f1b058288e6d
-
Size
368KB
-
Sample
240508-mfyahsfg7z
-
MD5
c0fca742b5c3e22880408c9acf310852
-
SHA1
e86c87a50d159791f47eb9591ded0dd424b226a2
-
SHA256
eab5f89ba4c54258a18703ea021b8a6ae59d4d2fe919d462edd4f1b058288e6d
-
SHA512
4d6af7613b719be91c4a4cf142373554c0524ea2967e0ae6cdcbba34cdf87cf25225e44b1276ba183653ca6344c3bed32045fcf9a4c15c4a1718fe06a3e0a387
-
SSDEEP
6144:FelyjzIpb2xE5BNqj+DYvjZask87WlizIwYYozY/TZ4tjF:YlyjzIpbyE6yDYFask87Oi9Z4tjF
Static task
static1
Behavioral task
behavioral1
Sample
eab5f89ba4c54258a18703ea021b8a6ae59d4d2fe919d462edd4f1b058288e6d.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-