General
-
Target
81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897
-
Size
287KB
-
Sample
240403-lq5a5sbf8s
-
MD5
8a2cc0abd8835e34ebf3515a953c7e10
-
SHA1
6601da12e43e63d2e1cb2368577772bb5a2bb568
-
SHA256
81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897
-
SHA512
95f5de5fc2a0eeffa247de7f5ae129a47a5242cbba1f8034034f5872129e135824f85bdc4e5a248e5c0750d89d212b1f3c96772b884706dddef378b21490e4f9
-
SSDEEP
3072:p+F+j3P4eAVOa2FMe+HNUctz2pEUErPuwyss9FJ55rC/itMTQ:AKweAv2xsHS7GP1ysGFh2iMT
Static task
static1
Behavioral task
behavioral1
Sample
81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.26
-
url_path
/f993692117a3fda2.php
Targets
-
-
Target
81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897
-
Size
287KB
-
MD5
8a2cc0abd8835e34ebf3515a953c7e10
-
SHA1
6601da12e43e63d2e1cb2368577772bb5a2bb568
-
SHA256
81b902b86e41b3f81a47a16db6819f185999099a12c199df107edeef8720a897
-
SHA512
95f5de5fc2a0eeffa247de7f5ae129a47a5242cbba1f8034034f5872129e135824f85bdc4e5a248e5c0750d89d212b1f3c96772b884706dddef378b21490e4f9
-
SSDEEP
3072:p+F+j3P4eAVOa2FMe+HNUctz2pEUErPuwyss9FJ55rC/itMTQ:AKweAv2xsHS7GP1ysGFh2iMT
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-