General
- Target: c5e99a29023acdc26c1acc3313f38be017cf2d254e4a95af68cd246bbd9f45a7
- Size: 365KB
- Sample: 240509-dfad1seg3v
- MD5: 830ca2606715fd6b7e3c505e48fb3981
- SHA1: 4ee89fbbdd4982120f5223bbbd6c5e2a14f3f178
- SHA256: c5e99a29023acdc26c1acc3313f38be017cf2d254e4a95af68cd246bbd9f45a7
- SHA512: 2474047b586574857ad4d1d51ed70db41e3f9cb748d9efeb85f8ca486037d578cb71acb5a788f32c2f6017276d62d826be8638b2c8e26d8b6e16146a611b805a
- SSDEEP: 6144:1/yLAzjI3/kXehHDXHmlk+gdfmXHduMiFScdOVMJVGga06LNH4THWP:ZyLA/IPkXehHDXGnghm7YSUOVoVcVLNB
Static task: static1
Behavioral task: behavioral1
- Sample: c5e99a29023acdc26c1acc3313f38be017cf2d254e4a95af68cd246bbd9f45a7.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: stealc
- http://185.172.128.150
- url_path: /c698e1bc8a2f5e6d.php
Targets
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.