General

Target: tmp
Size: 200KB
Sample: 240406-gej4lscf67
MD5: e4ff41258b1e13fc1a0cf33f83505c5b
SHA1: c41a64aa8b5d921cf755d72dfd624066cbbdf6d8
SHA256: 0d19b90b35d268308253e621b1b3500b1d1dd98e5f72929ba6f78961423ca594
SHA512: 520a2c6a74f42743373e29c3aef59618e306a10a1f9ffec27990ed7533856bcc0ba8ce3174ee668418fd8325cf9ef664df29026238e21f4d234f4e7a25d0239a
SSDEEP: 3072:Gjn/KLxcJgP5F6gEMTMuBsCPFEy+DNHCobTDxlGd5zhb6y:qn/KaJg+hMwKFZ+BioPFlozh+
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20240221-en
Malware Config

Extracted
Family: stealc
C2: http://185.172.128.209
url_path: /3cd2b41cbde8fc9c.php

The C2 host together with the url_path gives the full gate URL the sample reports to (http://185.172.128.209/3cd2b41cbde8fc9c.php); both values are usable as network indicators for this sample.
Targets

Target: tmp
Size: 200KB
MD5: e4ff41258b1e13fc1a0cf33f83505c5b
SHA1: c41a64aa8b5d921cf755d72dfd624066cbbdf6d8
SHA256: 0d19b90b35d268308253e621b1b3500b1d1dd98e5f72929ba6f78961423ca594
SHA512: 520a2c6a74f42743373e29c3aef59618e306a10a1f9ffec27990ed7533856bcc0ba8ce3174ee668418fd8325cf9ef664df29026238e21f4d234f4e7a25d0239a
SSDEEP: 3072:Gjn/KLxcJgP5F6gEMTMuBsCPFEy+DNHCobTDxlGd5zhb6y:qn/KaJg+hMwKFZ+BioPFlozh+
Signatures (behavioral1)

- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Several of these signatures (enumerating Uninstall keys, reading the locale) also fire on benign installers and updaters; it is the combination with wallet-file access and the C2 contact from the extracted config that characterises the sample.
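The following is an added example, not the sandbox's own signature engine: it re-derives the behavioural signatures above and a C2-contact check from the extracted config, by running simple rules over an API-call trace of the kind a hooking sandbox records (registry reads are not visible to Sysmon, so an API trace rather than event logs is the realistic input). The Call record layout, the API and argument names, the registry and file paths the rules look for, and the WALLET_DIRS list are assumptions chosen for illustration; only C2_HOST and C2_PATH are taken from the report's config section. Both traces are constructed.

```python
"""Re-derive this report's behavioural and config signatures from an API-call trace.

Added example for this page; it is not the sandbox's own signature engine.
Assumptions: the Call record format, the API/argument names, the registry and
file paths the rules look for, and the WALLET_DIRS list are chosen for
illustration. C2_HOST and C2_PATH are the values from the extracted Stealc config.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

C2_HOST = "185.172.128.209"        # from the report's extracted config
C2_PATH = "/3cd2b41cbde8fc9c.php"  # from the report's url_path attribute

# Assumed wallet directory names; a real rule set carries many more.
WALLET_DIRS = ("exodus", "electrum", "ethereum", "bitcoin", "monero")


@dataclass(frozen=True)
class Call:
    """One hooked API call from a sandbox trace (field layout is an assumption)."""
    api: str
    args: dict


def _matches(call: Call, api: str, patterns: Dict[str, str]) -> bool:
    """True if the call is `api` and every listed argument matches its regex (case-insensitive)."""
    if call.api != api:
        return False
    return all(re.search(rx, str(call.args.get(k, "")), re.I) for k, rx in patterns.items())


def _any(trace: List[Call], api: str, **patterns: str) -> bool:
    return any(_matches(c, api, patterns) for c in trace)


def sig_location(trace: List[Call]) -> bool:
    """Checks computer location settings: reads Nation under Control Panel\\International\\Geo."""
    return _any(trace, "RegQueryValueExW",
                key=r"\\Control Panel\\International\\Geo$", value=r"^Nation$")


def sig_installed_software(trace: List[Call]) -> bool:
    """Checks installed software: enumerates subkeys of ...\\CurrentVersion\\Uninstall."""
    return _any(trace, "RegEnumKeyExW", key=r"\\CurrentVersion\\Uninstall$")


def sig_wallets(trace: List[Call]) -> bool:
    """Accesses cryptocurrency wallets: opens a file inside a known wallet directory."""
    names = "|".join(map(re.escape, WALLET_DIRS))
    return _any(trace, "CreateFileW", path=rf"\\({names})\\")


def sig_c2(trace: List[Call]) -> bool:
    """C2 contact: a connection to C2_HOST followed by a request for C2_PATH on it."""
    connected = False
    for c in trace:
        if _matches(c, "InternetConnectW", {"host": rf"^{re.escape(C2_HOST)}$"}):
            connected = True
        elif connected and _matches(c, "HttpOpenRequestW", {"path": rf"^{re.escape(C2_PATH)}$"}):
            return True
    return False


SIGNATURES: Dict[str, Callable[[List[Call]], bool]] = {
    "Checks computer location settings": sig_location,
    "Checks installed software on the system": sig_installed_software,
    "Accesses cryptocurrency files/wallets, possible credential harvesting": sig_wallets,
    "Contacts Stealc C2 from extracted config": sig_c2,
}


def run_signatures(trace: List[Call]) -> List[str]:
    """Return the names of every signature that fires on the trace, in table order."""
    return [name for name, rule in SIGNATURES.items() if rule(trace)]


# Constructed trace shaped like what the sample's behavioural run would produce.
SAMPLE_TRACE = [
    Call("RegOpenKeyExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo"}),
    Call("RegQueryValueExW", {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo",
                              "value": "Nation"}),
    Call("RegOpenKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Call("RegEnumKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                           "index": 0}),
    Call("CreateFileW", {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}),
    Call("InternetConnectW", {"host": C2_HOST, "port": 80}),
    Call("HttpOpenRequestW", {"verb": "POST", "path": C2_PATH}),
]

# Constructed negative control: an installer-like process that only enumerates
# Uninstall keys and fetches the same path from an unrelated host.
BENIGN_TRACE = [
    Call("RegEnumKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                           "index": 0}),
    Call("InternetConnectW", {"host": "updates.example.invalid", "port": 80}),
    Call("HttpOpenRequestW", {"verb": "GET", "path": C2_PATH}),
]

if __name__ == "__main__":
    print("sample:", run_signatures(SAMPLE_TRACE))
    print("benign:", run_signatures(BENIGN_TRACE))
```

The negative control shows why the report's single signatures should not be read as verdicts: the Uninstall enumeration fires on the benign trace too, and the C2 rule deliberately requires the host from the extracted config before it will match the url_path, so a coincidental request for the same path elsewhere does not count.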