stealc

General

Target

a20170bf01cc684aaad6f97118d880953b252fccacae9ad4a9d6706113e14107
Size

382KB
Sample

240509-p9fzfadf73
MD5

310d454d90bee8bc4fe080f8342c0d7c
SHA1

60150ea92e7a1fde8531fd86b3af512d67efc7f4
SHA256

a20170bf01cc684aaad6f97118d880953b252fccacae9ad4a9d6706113e14107
SHA512

871bc64aa1a36796d5aba797a8d36a134ef20ccdb41b14d3c08ec2256fea1d044e810ac2ffead079355b101db80cd17cd4fdd3250d1e5e1df91f806efc16d6a9
SSDEEP

6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKtv:1jNGexJo8raXfS8Axa35t46nUJKtv

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  a20170bf01cc684aaad6f97118d880953b252fccacae9ad4a9d6706113e14107
- Size
  
  382KB
- MD5
  
  310d454d90bee8bc4fe080f8342c0d7c
- SHA1
  
  60150ea92e7a1fde8531fd86b3af512d67efc7f4
- SHA256
  
  a20170bf01cc684aaad6f97118d880953b252fccacae9ad4a9d6706113e14107
- SHA512
  
  871bc64aa1a36796d5aba797a8d36a134ef20ccdb41b14d3c08ec2256fea1d044e810ac2ffead079355b101db80cd17cd4fdd3250d1e5e1df91f806efc16d6a9
- SSDEEP
  
  6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKtv:1jNGexJo8raXfS8Axa35t46nUJKtv
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2