General
Target: 495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c
Size: 289KB
Sample: 240403-pph83ade39
MD5: 72ee6a5701ee0375067323f10fef62ff
SHA1: 6e95611270d933a58111f01c3b08e2d08c77fb81
SHA256: 495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c
SHA512: 5d5e0bf455d82e43580ac729c98a73c6eb202b33b46e0ed255ae956e913715dbe8d64d1a64a1e30550062ad89c754776b1703160141434d634cbdfdc258847a1
SSDEEP: 3072:k4D0MM9wBZa0WkPhJ+KUsIh2aW1xmE7QbPIOB8OUiUuisRavkNxMaYK/HGB/itMU:kJJK3DfzosxubPCTiUuL3EBKvGpiMT
Static task: static1
Behavioral task: behavioral1
Sample: 495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: stealc
http://185.172.128.26
url_path: /f993692117a3fda2.php
Targets
Target: 495286cf4a06a306c3774ab6eaa7293c7e3ee8bdd86137474fc914068301233c
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.