General
Target: 2ec2583edf935a0b71968c81e50358790cbcad334e88dc5d9ee87f716978fbd8
Size: 373KB
Sample: 240510-pvtxraab59
MD5: 1cc59ed1f9fb86fa17aa40eff895af87
SHA1: d155623485082e66f1fde795b5c9a544805f75ad
SHA256: 2ec2583edf935a0b71968c81e50358790cbcad334e88dc5d9ee87f716978fbd8
SHA512: 2ada3990f204fe9357e9feb657d534760bf82128f3447d50ac3cd2ed8e84d124341540c0bbeeb14f9d16026767ba2fc3a8058ba9e56b1c04b4e4e62d5c81b045
SSDEEP: 6144:Xm7tnXHiPWJ/b1ZPB66To26pxlW0BmbtKjCouJJtqOCFgqIt0TtMY:Xm7tnyOtb1ZZ66TrbqiIFGqmY
Static task: static1
Behavioral task: behavioral1
Sample: 2ec2583edf935a0b71968c81e50358790cbcad334e88dc5d9ee87f716978fbd8.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: 2ec2583edf935a0b71968c81e50358790cbcad334e88dc5d9ee87f716978fbd8
Size: 373KB
MD5: 1cc59ed1f9fb86fa17aa40eff895af87
SHA1: d155623485082e66f1fde795b5c9a544805f75ad
SHA256: 2ec2583edf935a0b71968c81e50358790cbcad334e88dc5d9ee87f716978fbd8
SHA512: 2ada3990f204fe9357e9feb657d534760bf82128f3447d50ac3cd2ed8e84d124341540c0bbeeb14f9d16026767ba2fc3a8058ba9e56b1c04b4e4e62d5c81b045
SSDEEP: 6144:Xm7tnXHiPWJ/b1ZPB66To26pxlW0BmbtKjCouJJtqOCFgqIt0TtMY:Xm7tnyOtb1ZZ66TrbqiIFGqmY
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.