stealc | 6d7226154b8ed4534ed8e0a97e3c2863d094cc85be6a4bd23be5975865a5085a | Triage

Submit
Reports

Overview

overview

Static

static

e4877fdcef...e2.exe

windows7-x64

e4877fdcef...e2.exe

windows10-2004-x64

Sharing

General

Target

097a014e9066d6a4dd30e057e18eb511.bin
Size

2.3MB
Sample

240515-bcrssahf64
MD5

d038e9e7e7e2edf36b9fbb69d36a94ab
SHA1

f466db3945c8ead3c5b1ee3d22758e4ed9cda2e6
SHA256

6d7226154b8ed4534ed8e0a97e3c2863d094cc85be6a4bd23be5975865a5085a
SHA512

5142d7b677a9b5ad0f3eb5255672c8a7be15a2f082b17033758b74ace46ca2b4fdfde89e6926bdc24346cc50f79cc7fdc26737f26fc5d0a16df86afa83de0071
SSDEEP

49152:pvuC9/LVG6dWYM4khgbLjSinGdGvoC2vEShndd1YVodvNfo:pvuww6dtkOD3GdWoC2MWaVod1fo

Score

10^/10

stealc vidar zgrat rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e4877fdceffd87cec166b266532a431e0d5e7644d950ce9566d2f14bc18be5e2.exe

Resource

win7-20240220-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4877fdceffd87cec166b266532a431e0d5e7644d950ce9566d2f14bc18be5e2.exe

Resource

win10v2004-20240426-en

stealc vidar zgrat rat spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

rc4.plain

Targets

- Target
  
  e4877fdceffd87cec166b266532a431e0d5e7644d950ce9566d2f14bc18be5e2.exe
- Size
  
  3.0MB
- MD5
  
  097a014e9066d6a4dd30e057e18eb511
- SHA1
  
  2baa37cdc9b69e4083fdf468240cbacb1f2851ae
- SHA256
  
  e4877fdceffd87cec166b266532a431e0d5e7644d950ce9566d2f14bc18be5e2
- SHA512
  
  3409f75f0d073146410ebf31f487626e0c5fc01abb962f56b673256e72981f3e4f5c063e6690feeff1b2937bd14b453c38823242c9dee9e607fe63888d9ad627
- SSDEEP
  
  49152:HzcK4Uk57r6mnw8fqFEIawGt2jlobG+FVSA7tffhpZ4F/3:HzvMWmnZSVawGtjHFVS8ffDZ4J
Score

10^/10

zgrat rat stealc vidar spyware stealer
- Detect Vidar Stealer
  stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

stealcvidarzgratratspywarestealer

© 2018-2024

Terms | Privacy