General
-
Target
7fb7d32dfa0e486c25246087fcee7521cc1478530cacc80ccfba3bbe85794030
-
Size
364KB
-
Sample
240508-yrg88afd35
-
MD5
c285f78cc4596781417aeea91a24c026
-
SHA1
35a604ffa862a42e5e62b6e64818b173293247fa
-
SHA256
7fb7d32dfa0e486c25246087fcee7521cc1478530cacc80ccfba3bbe85794030
-
SHA512
c2c9ba1a2c0cea35c0a49bd17d13983809c7657bcec177ba15a216980ba4b56316fc9d90bf0b0a8d00d366e0b2541c2040ba761baa369211af233c3b22a30a74
-
SSDEEP
6144:9HjGRWK3W3yK7lKM6FBEwOaIbJp4U/BKfL/z22v2qDx6Anq4Ndy3YTDXgF:9DGEK3WiK7UMCbm6bfVDxrntTDXgF
Static task
static1
Behavioral task
behavioral1
Sample
7fb7d32dfa0e486c25246087fcee7521cc1478530cacc80ccfba3bbe85794030.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-