General

  • Target

    990458f3c4f2c6d2007245bd95ca1ba0_NEIKI

  • Size

    416KB

  • Sample

    240508-n2qcgabb8s

  • MD5

    990458f3c4f2c6d2007245bd95ca1ba0

  • SHA1

    d2d0dab2ee6fb4a8223fe97a861b27a8f8765264

  • SHA256

    9aa0d408fa75257650fb24033f83808fd958a4e8e01e1ca247f4c3c103b287f3

  • SHA512

    51974da1b25af80ebdcd5949c27a955743f4f71d658688c5e168aff5f3f42618cc61cebf863d82defbe7785a5f4c37e5fc398b982a2a9f6051187cfe6e8f1b0b

  • SSDEEP

    12288:V/36Qn32mOgeVztEMz3Jx8fnLd4S3Ntcq:t7deXP8fnRTcq

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      990458f3c4f2c6d2007245bd95ca1ba0_NEIKI

    • Size

      416KB

    • MD5

      990458f3c4f2c6d2007245bd95ca1ba0

    • SHA1

      d2d0dab2ee6fb4a8223fe97a861b27a8f8765264

    • SHA256

      9aa0d408fa75257650fb24033f83808fd958a4e8e01e1ca247f4c3c103b287f3

    • SHA512

      51974da1b25af80ebdcd5949c27a955743f4f71d658688c5e168aff5f3f42618cc61cebf863d82defbe7785a5f4c37e5fc398b982a2a9f6051187cfe6e8f1b0b

    • SSDEEP

      12288:V/36Qn32mOgeVztEMz3Jx8fnLd4S3Ntcq:t7deXP8fnRTcq

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks