General
-
Target
9420c81b7ccceefe022ab68286e2efd006f9e39179ed988448203eebb186cb7f
-
Size
382KB
-
Sample
240509-s9vz5shg8t
-
MD5
d213fbb1dc57328da6772ea5aeebce26
-
SHA1
8e3c8cc4edc4ce51fb79653e98ac925590dfda89
-
SHA256
9420c81b7ccceefe022ab68286e2efd006f9e39179ed988448203eebb186cb7f
-
SHA512
c6252b1d2a44c5c9887dfce46b92aa841f5c819bbffe1e5f3a9ed0b2964d395d8d59fef31deff5a8fc1634cd61754067d37b23d2573f22f53b5fa36df118990a
-
SSDEEP
6144:6vNgu2vVzeAvNremF2xnbfS13eB43pvuL7HpyEeJKXF:6vNL2vVSzmQxnbf4mCSHpy9JKXF
Static task
static1
Behavioral task
behavioral1
Sample
9420c81b7ccceefe022ab68286e2efd006f9e39179ed988448203eebb186cb7f.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
stealc
http://185.172.128.150
-
url_path
/c698e1bc8a2f5e6d.php
Targets
-
Detect ZGRat V1
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-