General
-
Target
25e0a373d37e3e98f1f8a811b7fcbb59ef58bf1aa07b4868d23fbd28c997615c
-
Size
382KB
-
Sample
240509-s8bvwacg28
-
MD5
6b68f67dce69cec28b7d86cf293edce9
-
SHA1
02bb5634c25be1e28e5024a3d7bc9637dcb4ed2b
-
SHA256
25e0a373d37e3e98f1f8a811b7fcbb59ef58bf1aa07b4868d23fbd28c997615c
-
SHA512
348551193c07b7d22557e0ef449e12aff309b2844b05153a2669b433760c662569794ea77ee29ec1fb92f72e27134c3d02d81aa7dc1757abde5f5dfb8bd3e8d4
-
SSDEEP
6144:6vNgu2vVzeAvNremF2xnbfS13eB43pvuL7HpyEeJKXK:6vNL2vVSzmQxnbf4mCSHpy9JKXK
Static task
static1
Behavioral task
behavioral1
Sample
25e0a373d37e3e98f1f8a811b7fcbb59ef58bf1aa07b4868d23fbd28c997615c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
-
Target
25e0a373d37e3e98f1f8a811b7fcbb59ef58bf1aa07b4868d23fbd28c997615c
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-