General
Target: 0915ce6438da0a74056f053eac3f46c5a55e892277c006f8dca4e5912b48ca15
Size: 371KB
Sample: 240510-gawa3shc99
MD5: 142da7308a498f3f89fc0586ed2cbce9
SHA1: e694a4810d519757054d93dd2be1099d163e2b7b
SHA256: 0915ce6438da0a74056f053eac3f46c5a55e892277c006f8dca4e5912b48ca15
SHA512: 667a759ae906740db2d31f9e9203dd70d10ee61bc45d3b9560a2da76669276a2a76098fedd68e55618b3602f90a1a5a4abed156882223210d5a56017ab709333
SSDEEP: 6144:aURdZSI5nrUscjLhfKpWrx+5nvyIuT/GODYYTJm8:aU7ZSI5ELkpixsnluT/GOnk8
Static task: static1
Behavioral task: behavioral1
Sample: 0915ce6438da0a74056f053eac3f46c5a55e892277c006f8dca4e5912b48ca15.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
(The C2 host joined with url_path gives the gate URL the sample reports to: http://185.172.128.150/c698e1bc8a2f5e6d.php.)
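The two checks a responder runs first with this report in hand are hashing a suspect file against the listed digests and searching HTTP/proxy logs for requests to the extracted C2 host and gate path. The script below does both; it is an added example, not code from the sandbox report or from any Stealc tooling. The digests, C2 host and url_path are copied from the report; the log layout (timestamp, client IP, method, URL, status) and the log lines themselves are constructed for the example and are not something the report shows.

```python
"""IOC matcher for the Stealc sample in this report (added example).

Not code from the sandbox report or from Stealc tooling. Hashes and the
C2 host/url_path are copied from the report; the log format and the
sample log lines are constructed for the example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests copied from the report.
REPORT_HASHES = {
    "md5": "142da7308a498f3f89fc0586ed2cbce9",
    "sha1": "e694a4810d519757054d93dd2be1099d163e2b7b",
    "sha256": "0915ce6438da0a74056f053eac3f46c5a55e892277c006f8dca4e5912b48ca15",
    "sha512": "667a759ae906740db2d31f9e9203dd70d10ee61bc45d3b9560a2da76669276a2a76098fedd68e55618b3602f90a1a5a4abed156882223210d5a56017ab709333",
}
# Extracted config: C2 host and gate path (joined they form the gate URL).
C2_HOST = "185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 of `data` as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Compare every digest of `data` with the report; {algo: True/False}."""
    got = hash_bytes(data)
    return {name: got[name] == want for name, want in REPORT_HASHES.items()}


def classify_request(url: str) -> str:
    """'c2' when host and Stealc gate path both match, 'host-only' when only
    the IP matches (other traffic to the same server), else 'none'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if parts.hostname != C2_HOST:
        return "none"
    return "c2" if parts.path == C2_PATH else "host-only"


# Assumed log layout: "<timestamp> <client ip> <METHOD> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines) -> list:
    """Return (client, url, verdict) for each line touching the C2 host."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed or a different format: skip rather than guess
        verdict = classify_request(m["url"])
        if verdict != "none":
            hits.append((m["client"], m["url"], verdict))
    return hits


# Constructed sample log (not from the report): a POST to the gate, an
# unrelated GET to the same IP, and a benign request.
SAMPLE_LOG = [
    "2024-05-10T09:12:01Z 10.0.0.23 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200",
    "2024-05-10T09:12:02Z 10.0.0.23 GET http://185.172.128.150/a.bin 200",
    "2024-05-10T09:12:03Z 10.0.0.24 GET http://example.com/ 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the exact gate path rather than the bare IP keeps the "c2" verdict tight; traffic to the same IP without the path is reported separately as "host-only" so it can be reviewed without being treated as a confirmed check-in.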
Targets
Target: 0915ce6438da0a74056f053eac3f46c5a55e892277c006f8dca4e5912b48ca15
Size: 371KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
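The signature list is the sandbox's summary of raw API activity. To show how three of those signatures are derived from events, the script below replays a constructed API-call trace and tags the geofence lookup, the Uninstall-key enumeration and the wallet-file access. It is an added example, not code from the sandbox or from the malware. The registry keys (Control Panel\International\Geo with its Nation value; SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall), the wallet directory names, and the trace line layout are assumptions about what such signatures look for; the report names the behaviours but not these specific paths, and the trace lines are constructed.

```python
"""Replaying behavioural signatures against an API-call trace (added example).

Not sandbox or malware code. Registry keys, wallet paths and the trace
format are assumptions about what the report's signatures look for; the
trace lines are constructed.
"""
import re

# Assumed artefacts behind each signature (not stated in the report).
GEO_KEY = r"control panel\international\geo"                           # GeoID/Nation value -> geofence
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"  # installed-software enumeration
WALLET_MARKERS = (r"\electrum\wallets", r"\exodus\exodus.wallet", r"\ethereum\keystore")

REGISTRY_APIS = ("RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue")
FILE_APIS = ("CreateFile", "FindFirstFile", "NtOpenFile", "NtCreateFile")

SIG_GEO = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_WALLET = "Accesses cryptocurrency files/wallets"


def classify_event(api: str, target: str):
    """Return the signature an API call on `target` (key or path) triggers, or None."""
    t = target.lower()
    if api.startswith(REGISTRY_APIS):
        if GEO_KEY in t:
            return SIG_GEO
        if UNINSTALL_KEY in t:
            return SIG_SOFTWARE
    if api.startswith(FILE_APIS) and any(w in t for w in WALLET_MARKERS):
        return SIG_WALLET
    return None


# Assumed trace layout: '<pid> <Api>("<key or path>", <other args>)'.
TRACE_LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$')


def triage_trace(lines) -> dict:
    """Map each triggered signature to the keys/paths that fired it."""
    fired = {}
    for line in lines:
        m = TRACE_LINE.match(line.strip())
        if not m:
            continue  # not a call line in the assumed format
        target = m["args"].split(",")[0].strip().strip('"')  # first argument = key/path
        sig = classify_event(m["api"], target)
        if sig:
            fired.setdefault(sig, []).append(target)
    return fired


def signatures(lines) -> list:
    """Sorted signature names, the shape a report summary shows."""
    return sorted(triage_trace(lines))


# Constructed trace: geofence lookup, Uninstall enumeration, one wallet read,
# and two benign calls that must not fire anything.
SAMPLE_TRACE = [
    r'4120 RegOpenKeyExW("HKEY_CURRENT_USER\Control Panel\International\Geo", KEY_READ)',
    r'4120 RegQueryValueExW("HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation")',
    r'4120 RegEnumKeyExW("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 0)',
    r'4120 RegEnumKeyExW("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 1)',
    r'4120 CreateFileW("C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet", GENERIC_READ)',
    r'4120 CreateFileW("C:\Users\victim\AppData\Roaming\Microsoft\Windows\Recent\notes.lnk", GENERIC_READ)',
    r'4120 RegQueryValueExW("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "x")',
]

if __name__ == "__main__":
    for sig, targets in triage_trace(SAMPLE_TRACE).items():
        print(sig, "<-", targets)
```

The geofence check is worth keeping in mind when reproducing the sample: a Nation value outside the operator's target set can make the stealer exit before it ever contacts the C2, so a detonation that shows no network traffic is not proof the gate is dead.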