General
- Target: cce1accced0a4d91966c96752c101eefe1dba629c8b5ec58eefc5408c881f110
- Size: 306KB
- Sample: 240407-tz265sha96
- MD5: f5159a00a090d5e99b53d41c6ac41dd3
- SHA1: 295db898d608960df27d5027a721fd44cbd00580
- SHA256: cce1accced0a4d91966c96752c101eefe1dba629c8b5ec58eefc5408c881f110
- SHA512: 29aac3010b80287809784305493683461402c9484812a74e166418b75af6b9f59d49818bd46cd8c6c1e61204d951a0d3cf7db038bbd4d9c990da836bd7942cf4
- SSDEEP: 3072:rCpNJX1DHyM/QwOaaICZem2Zm+Cx0awweed2oO:upNJX1DHycovZ2/+03Q
Static task: static1
Behavioral task: behavioral1
- Sample: cce1accced0a4d91966c96752c101eefe1dba629c8b5ec58eefc5408c881f110.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- Family: stealc
- URL: http://185.172.128.209
- url_path: /3cd2b41cbde8fc9c.php
Targets
- Target: cce1accced0a4d91966c96752c101eefe1dba629c8b5ec58eefc5408c881f110
- Size: 306KB
- MD5: f5159a00a090d5e99b53d41c6ac41dd3
- SHA1: 295db898d608960df27d5027a721fd44cbd00580
- SHA256: cce1accced0a4d91966c96752c101eefe1dba629c8b5ec58eefc5408c881f110
- SHA512: 29aac3010b80287809784305493683461402c9484812a74e166418b75af6b9f59d49818bd46cd8c6c1e61204d951a0d3cf7db038bbd4d9c990da836bd7942cf4
- SSDEEP: 3072:rCpNJX1DHyM/QwOaaICZem2Zm+Cx0awweed2oO:upNJX1DHycovZ2/+03Q
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.