stealc

General

Target

9c4f9d4d6d4d6fbb87de616e5cc4677f2742e4d09d313aae95dc41f1a96c2571
Size

364KB
Sample

240508-yres4ach2w
MD5

d916c4ede41cf6b9ca2bdd7bd4f19005
SHA1

31c6d1f4876eec95862786ef6d993347fbfc656c
SHA256

9c4f9d4d6d4d6fbb87de616e5cc4677f2742e4d09d313aae95dc41f1a96c2571
SHA512

ccefa722cbf9b9062eeaf9730a0eba45e23ee3f6a84eba9423eefdfb6c812342d1634d52ea265e8a65592694cf015f1f31e12760ec46bcbe65aa323377cb9e68
SSDEEP

6144:9HjGRWK3W3yK7lKM6FBEwOaIbJp4U/BKfL/z22v2qDx6Anq4Ndy3YTDXgP:9DGEK3WiK7UMCbm6bfVDxrntTDXgP

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  9c4f9d4d6d4d6fbb87de616e5cc4677f2742e4d09d313aae95dc41f1a96c2571
- Size
  
  364KB
- MD5
  
  d916c4ede41cf6b9ca2bdd7bd4f19005
- SHA1
  
  31c6d1f4876eec95862786ef6d993347fbfc656c
- SHA256
  
  9c4f9d4d6d4d6fbb87de616e5cc4677f2742e4d09d313aae95dc41f1a96c2571
- SHA512
  
  ccefa722cbf9b9062eeaf9730a0eba45e23ee3f6a84eba9423eefdfb6c812342d1634d52ea265e8a65592694cf015f1f31e12760ec46bcbe65aa323377cb9e68
- SSDEEP
  
  6144:9HjGRWK3W3yK7lKM6FBEwOaIbJp4U/BKfL/z22v2qDx6Anq4Ndy3YTDXgP:9DGEK3WiK7UMCbm6bfVDxrntTDXgP
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2