stealc

General

Target

282866097e1dfb5c11e0af461439e44818445255c13563b90f7112068255caba
Size

364KB
Sample

240508-x1drqade86
MD5

c43653d6e731c3daca92d578a8b8e41d
SHA1

e239fb0c28050fbbbfa392ffdee91c401500a89f
SHA256

282866097e1dfb5c11e0af461439e44818445255c13563b90f7112068255caba
SHA512

f37c59e3885e413bc1c8db8dc858238aa7d7410f904222a3097ad4630494de8e09584478d2f1a3a83a8dd1425c841f97087ee3d3e3e58d56dee1bd852ae6abb5
SSDEEP

6144:US0t5FW7l8UYZb1jNb41/6vpo+kveaeldhFeyf8rSYMOLcPZuBkT7YKkUT3fgF:US0nY7+5ao6DmlLhFerrSYMOEZuBkPTQ

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  282866097e1dfb5c11e0af461439e44818445255c13563b90f7112068255caba
- Size
  
  364KB
- MD5
  
  c43653d6e731c3daca92d578a8b8e41d
- SHA1
  
  e239fb0c28050fbbbfa392ffdee91c401500a89f
- SHA256
  
  282866097e1dfb5c11e0af461439e44818445255c13563b90f7112068255caba
- SHA512
  
  f37c59e3885e413bc1c8db8dc858238aa7d7410f904222a3097ad4630494de8e09584478d2f1a3a83a8dd1425c841f97087ee3d3e3e58d56dee1bd852ae6abb5
- SSDEEP
  
  6144:US0t5FW7l8UYZb1jNb41/6vpo+kveaeldhFeyf8rSYMOLcPZuBkT7YKkUT3fgF:US0nY7+5ao6DmlLhFerrSYMOEZuBkPTQ
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2