General
Target: ffd9def9418d3d140e0e9e39e88ad898.exe
Size: 306KB
Sample: 240428-s4rqjabc6x
MD5: ffd9def9418d3d140e0e9e39e88ad898
SHA1: c71b244c51ac349e2f7a41f7a55a27fc1ca8361a
SHA256: 2ad46d1e3c84a67063d7b773b774640c4f52ce27607a7559174177f2dcbdca3c
SHA512: 015020adb4dc8b73174388965fb7bc9a7770b7a57f580ec631ca4a11d99383e6cc3c1ab08bac0ebf12b00f05ec1af53b557cba25646f452fb13e0efdd030951a
SSDEEP: 3072:b3OxChMwp/fzpHctNq+IbLO4bIimy+OZYgluJOxguQhjZXCw0gYKoiHEyI7IuU:L957FLzjw6ZNuJSQhjgZVmEy+U

Static task: static1
Behavioral task: behavioral1
Sample: ffd9def9418d3d140e0e9e39e88ad898.exe
Resource: win7-20240220-en

Malware Config
Extracted: stealc
http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
Targets
Target: ffd9def9418d3d140e0e9e39e88ad898.exe
Size: 306KB
Signatures:
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.