General

  • Target

    96fce38b0770ed265a22ba22258c9f81c0cd24d990f924a3891b0561dc53fb34

  • Size

    413KB

  • Sample

    240409-lrbp8abh87

  • MD5

    0519b278b624bc86376278205355d163

  • SHA1

    d29bf131b735cbfa4a4cc0184e013a12c90cea80

  • SHA256

    96fce38b0770ed265a22ba22258c9f81c0cd24d990f924a3891b0561dc53fb34

  • SHA512

    284b76dd7e9512baf02acefe6eca92e11ca1a6f15769c9132f1a0ed582173eb599cc02dfe4a79e48063d338a2303cb53085f4908426b5c3527279591c5f6cc56

  • SSDEEP

    6144:K7qUCce1ok6UlOWl4q87TflFLeMye682nCmW6gNyOaG742Cmi/:K7qUCcOFVlOx/FLeMyenUIiGs2CR/

Malware Config

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique                      Count  ID
  Credential Access  Unsecured Credentials          3      T1552
  Credential Access  Credentials In Files           3      T1552.001
  Discovery          Query Registry                 4      T1012
  Discovery          System Information Discovery   4      T1082
  Discovery          Peripheral Device Discovery    1      T1120
  Discovery          Remote System Discovery        1      T1018
  Collection         Data from Local System         3      T1005

Tasks