General
-
Target
7225c6e849efe9fad99d98968e29c2be.exe
-
Size
178KB
-
Sample
240222-t8sn3acf2y
-
MD5
7225c6e849efe9fad99d98968e29c2be
-
SHA1
cc6f73a658e4e3c0c57e3c960f0d338d7cb2ca07
-
SHA256
115b06aef5ab2341804a93e462f179272811075452ec28c9e12280f1b2ac799d
-
SHA512
e714988d9b14ad323aea06373133f644ee4478181eeaf5d5fae9d00a6c978a03d1be8b89ddc528d1499fb9feda225246c26cec24a3190ccb99693d24130f6c54
-
SSDEEP
3072:4yGBWNQjuII0BALnken+ZlthcCrWO9aPHkQoNfBCvf08Nh:ASQjuII0Bwnken+vgCBaPEQYB2
Static task
static1
Behavioral task
behavioral1
Sample
7225c6e849efe9fad99d98968e29c2be.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.145
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
Target
7225c6e849efe9fad99d98968e29c2be.exe
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-