General
- Target: 938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962
- Size: 297KB
- Sample: 240403-x8wbqsae3x
- MD5: 17ec730850d6da0a4ba296b2007ca4ff
- SHA1: 2351a2f7b827a051741c3fc8caa5e957a3ec2dc2
- SHA256: 938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962
- SHA512: b8f84acd6a6c1290b0ebd004d7a2d5f5b449eb5ee513e44730c0e5f5907321c43a6003188c59e4c661fccf1e410b8d7b69a67c27b2f55c9f21560af6f5d3b3c3
- SSDEEP: 3072:LZYA/ve9rhnkPYU3fNh+VifiXhXnosS1xZlmFpnnQf/itMTl:L+kQUnmi6RosAxGpnnQHiMT

Static task: static1

Behavioral task: behavioral1
- Sample: 938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962.exe
- Resource: win10v2004-20231215-en

Malware Config
Extracted: stealc
- http://185.172.128.26
- url_path: /f993692117a3fda2.php

Targets
- Target: 938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962
- Size: 297KB
- MD5: 17ec730850d6da0a4ba296b2007ca4ff
- SHA1: 2351a2f7b827a051741c3fc8caa5e957a3ec2dc2
- SHA256: 938d9a2b5fb3e82bb18c20441e6504d49b5bb4667ac74ccd65151187bd75b962
- SHA512: b8f84acd6a6c1290b0ebd004d7a2d5f5b449eb5ee513e44730c0e5f5907321c43a6003188c59e4c661fccf1e410b8d7b69a67c27b2f55c9f21560af6f5d3b3c3
- SSDEEP: 3072:LZYA/ve9rhnkPYU3fNh+VifiXhXnosS1xZlmFpnnQf/itMTl:L+kQUnmi6RosAxGpnnQHiMT

- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.