Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e3044b876d7412a20c0f1e6dbebe7b5c11c31ff7ff94b2bcf9b97909e2e9a28

  • Size

    372KB

  • Sample

    240510-js7syabf5y

  • MD5

    7b88e19a82c4d366aa131d3eab9da271

  • SHA1

    2c97b52eaf4655702bc69a8b1e8a129a8d6b24ef

  • SHA256

    3e3044b876d7412a20c0f1e6dbebe7b5c11c31ff7ff94b2bcf9b97909e2e9a28

  • SHA512

    10e9dc970fd11d371941dcaf3d060d856764d561d1795191d27fb92805b6999d7938c66d090d64fa4de93107b4502c23dfbf1174a5435d070f8b27f2aed7906a

  • SSDEEP

    6144:oetK0xCObQ2fKaCJVeUg8gSX9THaaQJdHuU+7SH5t6VYTZfm4:oetKRixyaCWDORJQJdHuU+7SZtNZ+4

Score
10/10
stealczgratdiscoveryratspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      3e3044b876d7412a20c0f1e6dbebe7b5c11c31ff7ff94b2bcf9b97909e2e9a28

    • Size

      372KB

    • MD5

      7b88e19a82c4d366aa131d3eab9da271

    • SHA1

      2c97b52eaf4655702bc69a8b1e8a129a8d6b24ef

    • SHA256

      3e3044b876d7412a20c0f1e6dbebe7b5c11c31ff7ff94b2bcf9b97909e2e9a28

    • SHA512

      10e9dc970fd11d371941dcaf3d060d856764d561d1795191d27fb92805b6999d7938c66d090d64fa4de93107b4502c23dfbf1174a5435d070f8b27f2aed7906a

    • SSDEEP

      6144:oetK0xCObQ2fKaCJVeUg8gSX9THaaQJdHuU+7SH5t6VYTZfm4:oetKRixyaCWDORJQJdHuU+7SZtNZ+4

    Score
    10/10
    stealczgratdiscoveryratspywarestealer

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks