General
-
Target
991e13cb726297c197cef44a771e0f79b3f1669ee6c9fd1dffcd60a66c784772
-
Size
365KB
-
Sample
240508-s8jkqabh7w
-
MD5
d88ed646b49723f7bc0a11e8141a3cac
-
SHA1
e91853aad5f1b9c658df0133370c7d23694fb7bb
-
SHA256
991e13cb726297c197cef44a771e0f79b3f1669ee6c9fd1dffcd60a66c784772
-
SHA512
a8a72c8564576aceedfdf47fec25dfbba3602ad82ab80dea4a8564c933fedffbb7e35333dfb55c482114c08913ad26074b51612fa35c60a0233a22938bae6a76
-
SSDEEP
6144:0j9PNW6k+7KXF5gUZwnAFpPLr2PXEVT1NjGzG4YqJcbbYTOO/:0j9PA6d7K4UZwQ2Xw1mt+b8OO/
Static task
static1
Behavioral task
behavioral1
Sample
991e13cb726297c197cef44a771e0f79b3f1669ee6c9fd1dffcd60a66c784772.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
991e13cb726297c197cef44a771e0f79b3f1669ee6c9fd1dffcd60a66c784772
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-