General
- Target: Camtasia.7z
- Size: 49.3MB
- Sample: 240221-n4bbbseg9s
- MD5: 85b2cdba78fcc5e95130da235b68312c
- SHA1: 5629c3b0a85f1a812398c594bedffaba62184f51
- SHA256: 910f3929060ba4b0276b3d588068fffc055408312ac75032e80e5ab35941d784
- SHA512: 7234a0b08c77a3696f1c190ed3e087151cfdb368c0aef12e07d5dc9b055324247742ae11b0468532d75629f573985c0dace48065882074a8f5381046de5ce95e
- SSDEEP: 1572864:g5KDGC/biDPM6R641AGwCLKGzvhhkken01Q2Kq4:g5WGC/ODPd64jwCLZ7hCJnGQW4
Static task: static1
Malware Config
Extracted: stealc
- http://147.45.47.72
- url_path: /eb6f29c6a60b3865.php
Targets
- Target: Camtasia.7z
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext