allcome | a4c7425d4048848b51c036ee99ed5c755b0c914e7a0d5e850179e29279b54bc6 | Triage

Sharing

General

Target

a4c7425d4048848b51c036ee99ed5c755b0c914e7a0d5e850179e29279b54bc6
Size

537KB
Sample

221005-3gywfafhg3
MD5

66e394fb954eb0022410ccf263f79de9
SHA1

26fdb0540d3e5295c2d2a2e94e7eb16032b33b9c
SHA256

a4c7425d4048848b51c036ee99ed5c755b0c914e7a0d5e850179e29279b54bc6
SHA512

426759c9b0e891f24133e12c58e7e3ee0df4d16455415a0964bd251164cfb0cd80da81d0896c3670cc13d652b4e6e2755e570cc6951db1dce8685c7ede5266b7
SSDEEP

6144:KvoRWRuZvr7RWS7oQR9uNOqMri4vN/4uMe3UDS2ttFoAR/:5RWRuZXRWSDeNOPri4BTVUDnttFo

Score

10^/10

allcome stealer

Malware Config

Extracted

Family

allcome

C2

http://dba692117be7b6d3480fe5220fdd58b38bf.xyz/API/2/configure.php?cf6zrlhn=finarnw

Targets

- Target
  
  a4c7425d4048848b51c036ee99ed5c755b0c914e7a0d5e850179e29279b54bc6
- Size
  
  537KB
- MD5
  
  66e394fb954eb0022410ccf263f79de9
- SHA1
  
  26fdb0540d3e5295c2d2a2e94e7eb16032b33b9c
- SHA256
  
  a4c7425d4048848b51c036ee99ed5c755b0c914e7a0d5e850179e29279b54bc6
- SHA512
  
  426759c9b0e891f24133e12c58e7e3ee0df4d16455415a0964bd251164cfb0cd80da81d0896c3670cc13d652b4e6e2755e570cc6951db1dce8685c7ede5266b7
- SSDEEP
  
  6144:KvoRWRuZvr7RWS7oQR9uNOqMri4vN/4uMe3UDS2ttFoAR/:5RWRuZXRWSDeNOPri4BTVUDnttFo
Score

10^/10

allcome stealer
- Allcome
  A clipbanker that supports stealing different cryptocurrency wallets and payment forms.
  stealer allcome
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1