General
- Target: b24efb5a6a005bae10d7087d8ad12931f99c284c90fc19c139fb6aaf244ba985
- Size: 337KB
- Sample: 240407-tqaersgg58
- MD5: 326b47b921c7582bb0ade4ab0e1e8d38
- SHA1: 95870a58dce15450ff3247b6e327f995a93c8c96
- SHA256: b24efb5a6a005bae10d7087d8ad12931f99c284c90fc19c139fb6aaf244ba985
- SHA512: 21ae7daec44f984c3dedd39b0e3b77eacb7fbd786af80ef93dd3fe8c6efc2288388a42f8b4ce77538844c7d8da9ab325023acfd15840146d0b54afffa4360655
- SSDEEP: 6144:JBEYI6y6I2thkfERgzLQ2H+w1W6oqeDf+:fEi1I+gX5d1WDf
Static task: static1
Behavioral task: behavioral1
- Sample: b24efb5a6a005bae10d7087d8ad12931f99c284c90fc19c139fb6aaf244ba985.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: stealc
- C2: http://185.172.128.26
- url_path: /f993692117a3fda2.php
Targets
- Target: b24efb5a6a005bae10d7087d8ad12931f99c284c90fc19c139fb6aaf244ba985
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.