General
Target: ac052cdeddb16499e02e2042206e139ad78ecf11fd86719b3611d2240e476e96
Size: 387KB
Sample: 240511-amh3ysda44
MD5: 53ac821d73be008f58a1adbd689cee9c
SHA1: 59791e929fbc0867a4ec9658d5a309992227efc1
SHA256: ac052cdeddb16499e02e2042206e139ad78ecf11fd86719b3611d2240e476e96
SHA512: c7e681805be7622fb9adbf3d1117284a63a4175867693c568a49ccedd2d684a017e2b49e89c595402b37b3cf1a3cdc3c63012b69cd64e662a08a7f302ac4c4c6
SSDEEP: 6144:JzP+6ZWEAS2YtQTTtNLiamb2gWwfGtUyeWPwj7Z9o4T9o/:JzP+6sjS3EjLKbdGtqfjC/
Static task: static1
Behavioral task: behavioral1
Sample: ac052cdeddb16499e02e2042206e139ad78ecf11fd86719b3611d2240e476e96.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: ac052cdeddb16499e02e2042206e139ad78ecf11fd86719b3611d2240e476e96
- Detect ZGRat V1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.