General
Target: e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964.zip
Size: 93KB
Sample: 240402-l1yaksdf7x
MD5: 15adbd16289d90ba076a50823f8b0938
SHA1: 68ebe05198303d590a90050a06d4c0d97eec5350
SHA256: b8f9fe4f2a6afc881cdd986b661c2874f76d8a2b8c34a83b5360da74c5755389
SHA512: 20f262e1f3593e9d1c97249da0c67ca9326ebd15b8dd74ceeb81f9ef0d6a0940ca4f9fba6996cfe83e9b7b59b962acf9d99b43b9dbf7518270a321a7393f5e38
SSDEEP: 1536:bnUVCH+5xroqe9XNZaatZfOZufMCp4FYCTLvg94d2riYF9dHQnSmXr2aoC:bn2oEloPXNga3O4BIYMM6Yr1fmXr2HC
Static task: static1
Behavioral task: behavioral1
Sample: e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964.exe
Resource: win7-20240221-en

Malware Config
Extracted: smokeloader
  tfd5
Extracted: smokeloader
  2022
  http://trad-einmyus.com/index.php
  http://tradein-myus.com/index.php
  http://trade-inmyus.com/index.php
Extracted: stealc
  http://94.156.8.97
  url_path: /990ecb7630625681.php
Targets
Target: e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964.exe
Size: 161KB
MD5: 6d06917a4f1ce19595f45d652cc3f5f1
SHA1: f12921fead53f540793ae3ceec9ddd9d2cbf576b
SHA256: e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964
SHA512: ea79f414aadc75c78e0de7956909ccc5a95b350aeb72846c6df6869a0249ed763f839b56ebc86f8087b56dbe3ef5943a45e8e37e273319816f1f6ca3611fba31
SSDEEP: 3072:diZUCzlE+mKEYsBqbVj0Mx96KuuW58v7gyCXLO2Vf:d6UCz3SWVP96KM5CIO2F

Signatures
- Detect ZGRat V1
- Downloads MZ/PE file
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext