General
Target: 2e04ac4351af2f59fd860fb16475d7b1.exe
Size: 307KB
Sample: 240428-s77adsbd3x
MD5: 2e04ac4351af2f59fd860fb16475d7b1
SHA1: 9c2b6cd56ac44fb5fb189e08d0de1b64d5475e31
SHA256: 6760a4705383711ee29812a1e6f56b8d60c48a5375382025ce98ad4d0f2893ac
SHA512: da2d58f566ef4099eff9a122df8cd203daa248966b822060b7c2021773f3b19cfc8a0ea283911d656cb542e3dd7aec656ae1b90080f85707f056d4d972202a40
SSDEEP: 3072:437S/ThgppOddNE+R+DbL169pzVtVtbpbzYXBqiUaDHEeQI7IuU:heXOvrU0tzIRqKLEN+U
Static task: static1
Behavioral task: behavioral1
Sample: 2e04ac4351af2f59fd860fb16475d7b1.exe
Resource: win7-20240221-en
Malware Config
Extracted: stealc
http://185.172.128.150
url_path: /c698e1bc8a2f5e6d.php
Targets
Target: 2e04ac4351af2f59fd860fb16475d7b1.exe
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.