General
-
Target
ccc8a6f55ef2025afc69a9810d8dde726e5c3c71de31b59a3edf0610160dcdf9
-
Size
419KB
-
Sample
240509-3h76hagf44
-
MD5
23a552659649b551b45ee82f29eeb0f3
-
SHA1
b11cc99614a496e169b68245248ad108d25a1ebe
-
SHA256
ccc8a6f55ef2025afc69a9810d8dde726e5c3c71de31b59a3edf0610160dcdf9
-
SHA512
77579b896acd78b1f3dc603d92004c25dfe031f9ed40a6e737d338c054e06b17d149f2341ab86b12b317005f0d5859a847c69dfa3f4c2a6a69d18e7dd6764aa0
-
SSDEEP
6144:adQDC9/gjoevDLvcjEgQvXr04KLq8pGYkmCuf8Tt41:adQDSojoevn4o04T8pGYkmCh41
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
ccc8a6f55ef2025afc69a9810d8dde726e5c3c71de31b59a3edf0610160dcdf9
-
Size
419KB
-
MD5
23a552659649b551b45ee82f29eeb0f3
-
SHA1
b11cc99614a496e169b68245248ad108d25a1ebe
-
SHA256
ccc8a6f55ef2025afc69a9810d8dde726e5c3c71de31b59a3edf0610160dcdf9
-
SHA512
77579b896acd78b1f3dc603d92004c25dfe031f9ed40a6e737d338c054e06b17d149f2341ab86b12b317005f0d5859a847c69dfa3f4c2a6a69d18e7dd6764aa0
-
SSDEEP
6144:adQDC9/gjoevDLvcjEgQvXr04KLq8pGYkmCuf8Tt41:adQDSojoevn4o04T8pGYkmCh41
Score10/10-
Detect ZGRat V1
-
Detects Arechclient2 RAT
Arechclient2.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Stealc
Stealc is an infostealer written in C++.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-