stealc | 409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6
Size

383KB
Sample

240509-lygvtabh2w
MD5

00c2ceca99b1088bc1356f709499edae
SHA1

a7ac5c3b981d11df14294e4a60283216a71ff9cc
SHA256

409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6
SHA512

79107aa7e36e5f2f8af091e61ea1b4d441eb2914184b6ee9d8365b175a90304d03baacbcbb8c58cc7f5453fcb523ed5d73ed6e53cfd910b616a89f7a759c1358
SSDEEP

6144:0wUnEcZwBa7zsNtiNSm4G6GL8yLPRlbxwHzT9L2EJ2iA179uVWQj9eJK2l:tkEMKYd88wP3JAhIjUJK2l

Score

10^/10

stealc zgrat discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6.exe

Resource

win10v2004-20240508-en

stealc zgrat discovery rat spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6.exe

Resource

win11-20240426-en

stealc zgrat discovery rat spyware stealer

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6
- Size
  
  383KB
- MD5
  
  00c2ceca99b1088bc1356f709499edae
- SHA1
  
  a7ac5c3b981d11df14294e4a60283216a71ff9cc
- SHA256
  
  409b0e41b78f8b2ca44ffbbdd291a58f0a3ca62cc046b5d5e607ebd0e077cfd6
- SHA512
  
  79107aa7e36e5f2f8af091e61ea1b4d441eb2914184b6ee9d8365b175a90304d03baacbcbb8c58cc7f5453fcb523ed5d73ed6e53cfd910b616a89f7a759c1358
- SSDEEP
  
  6144:0wUnEcZwBa7zsNtiNSm4G6GL8yLPRlbxwHzT9L2EJ2iA179uVWQj9eJK2l:tkEMKYd88wP3JAhIjUJK2l
Score

10^/10

stealc zgrat discovery rat spyware stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealczgratdiscoveryratspywarestealer

behavioral2

stealczgratdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy