General
-
Target
cf267f31af942869a51ff10d3cadb637.exe
-
Size
218KB
-
Sample
240404-mlhr1sce2v
-
MD5
cf267f31af942869a51ff10d3cadb637
-
SHA1
6c612523c12cd2a0e71deb7114427f6656cd58dc
-
SHA256
6f7aad02384477c96833be0fef115412e2dc1c05d059f40c4ec13194e8308eeb
-
SHA512
36dd1d8c70f042ceb111cd6456d70a1fd7e83764441748216421fed83e2ffeea2fcd842c700c09226a5bb07a61f1c3948afcc0b10a07dd5fa827575bc0b43fd4
-
SSDEEP
3072:qUBTqPKGYOrEQAQB0fzahcaFnztzmrl9JrMw9ja2bwiOp:qKqPKGYOrEzQBXtnzsr54w9j/bwiO
Static task
static1
Behavioral task
behavioral1
Sample
cf267f31af942869a51ff10d3cadb637.exe
Resource
win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.26
-
url_path
/f993692117a3fda2.php
Targets
-
-
Target
cf267f31af942869a51ff10d3cadb637.exe
-
Size
218KB
-
MD5
cf267f31af942869a51ff10d3cadb637
-
SHA1
6c612523c12cd2a0e71deb7114427f6656cd58dc
-
SHA256
6f7aad02384477c96833be0fef115412e2dc1c05d059f40c4ec13194e8308eeb
-
SHA512
36dd1d8c70f042ceb111cd6456d70a1fd7e83764441748216421fed83e2ffeea2fcd842c700c09226a5bb07a61f1c3948afcc0b10a07dd5fa827575bc0b43fd4
-
SSDEEP
3072:qUBTqPKGYOrEQAQB0fzahcaFnztzmrl9JrMw9ja2bwiOp:qKqPKGYOrEzQBXtnzsr54w9j/bwiO
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-