General
Target: Application65bbc577b4bf7.rar
Size: 7.9MB
Sample: 240201-tyzpmabhaq
MD5: 425043b149d5141589975e92a3c3475e
SHA1: 308a07b116b2f46e424919d797c555bb4c066194
SHA256: d69be3adda5c9e44da6b9c7e3906100eb9d801e26d4436f55d38d6a1c02cad79
SHA512: 1b069341765407d052c82c958c517b22721189e6dcb92c2625b4fa22c209bfae305783dcd3e5da9b85379d3cf1cebd7f8fb15015c28799a46b99ca27874c7523
SSDEEP: 196608:22orhpx9tjnBg/FxkjvgR6esYAh7xhTuLtHmcB7a9T:ZoHxjjBQx4otsYKD80cFap
Static task: static1
Behavioral task: behavioral1
Sample: Application65bbc577b4bf7.rar
Resource: win7-20231129-en
Malware Config
Extracted
Family: stealc
C2: http://109.107.182.60
url_path: /118645f3b3a0b2f5.php
The C2 host and url_path combine to the gate URL http://109.107.182.60/118645f3b3a0b2f5.php; note that 109.107.182.60 is a bare IP, so DNS-based blocking will not cover it and the host itself should be hunted in proxy and firewall logs.
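The hashes in General and the extracted Stealc C2 are the actionable IOCs on this page. The following Python script is an added example (not part of the sandbox report) that turns them into two checks a responder can run offline: compare a suspect file's digests against the report's hashes, and scan web-proxy log lines for requests to the C2 host and gate path. The proxy log format (timestamp, source IP, method, URL, status) and the sample log lines are constructed for the example; the IOC values are copied from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# IOCs copied from the report above (hashes are of the .rar container, not of
# the dropped PE, so a downloaded payload is not expected to match them).
SAMPLE_HASHES = {
    "md5": "425043b149d5141589975e92a3c3475e",
    "sha1": "308a07b116b2f46e424919d797c555bb4c066194",
    "sha256": "d69be3adda5c9e44da6b9c7e3906100eb9d801e26d4436f55d38d6a1c02cad79",
    "sha512": "1b069341765407d052c82c958c517b22721189e6dcb92c2625b4fa22c209bfae"
              "305783dcd3e5da9b85379d3cf1cebd7f8fb15015c28799a46b99ca27874c7523",
}
STEALC_C2_HOST = "109.107.182.60"
STEALC_C2_PATH = "/118645f3b3a0b2f5.php"


def compute_digests(data: bytes) -> dict:
    """Compute every digest listed in SAMPLE_HASHES for the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def check_hashes(data: bytes, expected: dict) -> dict:
    """Return {algorithm: matched?} comparing data against expected digests."""
    actual = compute_digests(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def is_stealc_c2(url: str, strict: bool = True) -> bool:
    """True if the URL points at the extracted C2.

    strict=True requires host and gate path to match; strict=False matches on
    the host alone, which is the better hunt query since any traffic to the
    C2 IP is suspect, not only the PHP gate path from this config.
    """
    parsed = urlparse(url)
    if (parsed.hostname or "") != STEALC_C2_HOST:
        return False
    return parsed.path == STEALC_C2_PATH if strict else True


# Constructed (hypothetical) proxy log format: "<ts> <src_ip> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def find_c2_hits(log_lines, strict: bool = True):
    """Return (timestamp, source_ip, url) for each line that reaches the C2."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if m and is_stealc_c2(m.group("url"), strict=strict):
            hits.append((m.group("ts"), m.group("src"), m.group("url")))
    return hits


# Constructed sample log lines for demonstration only.
SAMPLE_PROXY_LOG = [
    "2024-02-01T14:02:11Z 10.0.0.23 POST http://109.107.182.60/118645f3b3a0b2f5.php 200",
    "2024-02-01T14:02:12Z 10.0.0.23 GET http://example.com/index.html 200",
    "2024-02-01T14:03:40Z 10.0.0.41 GET http://109.107.182.60/other.php 404",
]

if __name__ == "__main__":
    for ts, src, url in find_c2_hits(SAMPLE_PROXY_LOG, strict=False):
        print(f"{ts} {src} -> {url}")
    data = b"constructed bytes, not the real sample"
    print(check_hashes(data, SAMPLE_HASHES))
```

To check a real file, read it in binary mode and pass the bytes to `check_hashes(data, SAMPLE_HASHES)`; the function returns a per-algorithm result so a single mismatch (for example a re-packed archive with the same name) is visible at a glance.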
Targets
Target: Application65bbc577b4bf7.rar
Size: 7.9MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.

Signatures
Downloads MZ/PE file
.NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: setting the context of a thread in another process is a common primitive in process hollowing and thread-hijacking injection.