General
-
Target
ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06
-
Size
338KB
-
Sample
240407-tqdr7agg62
-
MD5
5c7498daaf2a831ef346131e5601d609
-
SHA1
a156b6d8331747067f561353e2e0a6b10a566317
-
SHA256
ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06
-
SHA512
aa83499e6fb3f50c4d3b6b76fadc0b0f776310dcfe166ed9d83859cd0a02f10b9da45073c54997fc684202c1dcd0af10bde9cb6a66375ace77424048a8eeb0c2
-
SSDEEP
3072:X65BEeeaB6mD37VqOJmnBUARbcqG6hzBRA4D8SS1mttoDpytBr1zm7rU+12oO:kBEeeaB64duBxFn3rA4D8T1ACFeDf+
Static task
static1
Behavioral task
behavioral1
Sample
ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.209
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06
-
Size
338KB
-
MD5
5c7498daaf2a831ef346131e5601d609
-
SHA1
a156b6d8331747067f561353e2e0a6b10a566317
-
SHA256
ba35d4147cd88049d10d1b89d68e93db31c3b3db535472589ae18bdd6671bd06
-
SHA512
aa83499e6fb3f50c4d3b6b76fadc0b0f776310dcfe166ed9d83859cd0a02f10b9da45073c54997fc684202c1dcd0af10bde9cb6a66375ace77424048a8eeb0c2
-
SSDEEP
3072:X65BEeeaB6mD37VqOJmnBUARbcqG6hzBRA4D8SS1mttoDpytBr1zm7rU+12oO:kBEeeaB64duBxFn3rA4D8T1ACFeDf+
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-