stealc

General

Target

ffb45f5dfa5697d83230cf9f2920bbd8e386b30ab0be1f8062091c45924f532e
Size

382KB
Sample

240509-qb2c6adh35
MD5

7fbbacf3295152cb0584a4e7d027b386
SHA1

a3d12d98a78394b24f5d1aeb0db7d3c5c5f1eb2c
SHA256

ffb45f5dfa5697d83230cf9f2920bbd8e386b30ab0be1f8062091c45924f532e
SHA512

5c64fd7145230fd622c7094d1570780cf1485303aabbb27d524e2811f92d8d43e81b351ec2cd789eea9b98e252186c3d61bd6f21a247f54a58c919c709f891d5
SSDEEP

6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKtq:1jNGexJo8raXfS8Axa35t46nUJKtq

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  ffb45f5dfa5697d83230cf9f2920bbd8e386b30ab0be1f8062091c45924f532e
- Size
  
  382KB
- MD5
  
  7fbbacf3295152cb0584a4e7d027b386
- SHA1
  
  a3d12d98a78394b24f5d1aeb0db7d3c5c5f1eb2c
- SHA256
  
  ffb45f5dfa5697d83230cf9f2920bbd8e386b30ab0be1f8062091c45924f532e
- SHA512
  
  5c64fd7145230fd622c7094d1570780cf1485303aabbb27d524e2811f92d8d43e81b351ec2cd789eea9b98e252186c3d61bd6f21a247f54a58c919c709f891d5
- SSDEEP
  
  6144:1jNHmrGVx/2m1f+eo864r+m4fSw3Axa3Uet46nBeJKtq:1jNGexJo8raXfS8Axa35t46nUJKtq
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2