General
- Target: 8123caec2807143ff545f4c3af6c2d46cf80faeb37d22588533bce130b18e4a5
- Size: 297KB
- Sample: 240403-yr1essbf37
- MD5: d726862f58336169a09b3d559077d746
- SHA1: a9254f57b81f94fab19a8d60bc68790a3c825896
- SHA256: 8123caec2807143ff545f4c3af6c2d46cf80faeb37d22588533bce130b18e4a5
- SHA512: 555056f9f401bc7ba3ffb9f1ee116a2c5ef07157c054d15f3a925626beee42f4d55b0a330095afc5a289ef9c2d84ae16e1c17acbc8d226aff1662703d4dd82e9
- SSDEEP: 3072:tZYAYvUpp+dFlvfvArq/Nh+tmfiXhAxU4rHLQ+fFxtBWqG1iq7vMk/itpTn:tZpkLJYreGm6cXB1GdvMkipT
Static task: static1
Behavioral task: behavioral1
- Sample: 8123caec2807143ff545f4c3af6c2d46cf80faeb37d22588533bce130b18e4a5.exe
- Resource: win10v2004-20240319-en
Malware Config
Extracted
- stealc
- http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: 8123caec2807143ff545f4c3af6c2d46cf80faeb37d22588533bce130b18e4a5
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.