General
-
Target
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe
-
Size
3.6MB
-
Sample
240207-zyjw3acegr
-
MD5
308d26166b4569b7323c948b02f170b2
-
SHA1
577b0a2f93528b95e652136de2ccb13e5c34b95e
-
SHA256
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b
-
SHA512
cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51
-
SSDEEP
98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D
Static task
static1
Behavioral task
behavioral1
Sample
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1200397280960852070/TExZuN0MKj2BsfGJDc7F-9qVK-4LYeYTCfFyUmiHYwAhJM4GNuQVTLJTnDPT4xQdIWCc
Targets
-
-
Target
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b.exe
-
Size
3.6MB
-
MD5
308d26166b4569b7323c948b02f170b2
-
SHA1
577b0a2f93528b95e652136de2ccb13e5c34b95e
-
SHA256
765ddbbff5fc687fe0ad871a9cf59eaec452f00cdcac803f6c41c7feab5d0d2b
-
SHA512
cc759d4cc247f13a3c9cbd422df112cd54b3f2414ed176a3a3aa8959865db8f48040687f45d4886112d7a29e8d7f32179e09aa8d801fd5d29b3be6ce474ebb51
-
SSDEEP
98304:CmVIHeB8VJs21gujnXQNIX7ssksC5K89D:YVHtjXQcssksV8D
Score10/10-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects executables manipulated with Fody
-
Detects executables referencing Discord tokens regular expressions
-
Detects executables referencing credit card regular expressions
-
Detects executables referencing many VPN software clients. Observed in infosteslers
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with interest in wireless interface using netsh
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-