stealc | 929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e
Size

388KB
Sample

240510-3ds6saae78
MD5

94ffc96d37265d92da2406a89cc3758d
SHA1

b570efb0a6b5cf23cc8a19f48ff359b6156d27e8
SHA256

929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e
SHA512

0a6c3af80dc9243e5b9ea454268059a112d5c744568016c2924636e69d39e86c8ad3abeeba99bce801c00105b63bb80bb2388407cfe7123f0181ee5f6f0b1882
SSDEEP

12288:qDlQzUu8cUKdZN3QCUAWAOnxf3kBOtHKp1:qDqLU4zU9B3cOBKp1

Score

10^/10

stealc zgrat discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e.exe

Resource

win10v2004-20240508-en

stealc zgrat discovery rat spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e.exe

Resource

win11-20240426-en

stealc zgrat discovery rat spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e
- Size
  
  388KB
- MD5
  
  94ffc96d37265d92da2406a89cc3758d
- SHA1
  
  b570efb0a6b5cf23cc8a19f48ff359b6156d27e8
- SHA256
  
  929b4c620fbb3eefd458c2869b2830ac648151a6abf5d33c2666cafb35fa5d1e
- SHA512
  
  0a6c3af80dc9243e5b9ea454268059a112d5c744568016c2924636e69d39e86c8ad3abeeba99bce801c00105b63bb80bb2388407cfe7123f0181ee5f6f0b1882
- SSDEEP
  
  12288:qDlQzUu8cUKdZN3QCUAWAOnxf3kBOtHKp1:qDqLU4zU9B3cOBKp1
Score

10^/10

stealc zgrat discovery rat spyware stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealczgratdiscoveryratspywarestealer

behavioral2

stealczgratdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy