General
-
Target
ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02
-
Size
306KB
-
Sample
240407-tz5bhagg5v
-
MD5
b27582940891aac3757b4570ed01b0d9
-
SHA1
e6969dd7459de0362d5201d780e4cb3ef9465b07
-
SHA256
ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02
-
SHA512
15ce828d114611371bb4f93095eebf694ad7b3e5b6ffc39dc120ec123563096bca474a382af810c6aacaaf36a59e644ea3f12fa2cc5af96cff2ee43a09223c4c
-
SSDEEP
3072:KCpNsX1XHEWRvPCv+GDNikWGOkVp/Z/B4lCUSDto2EFlVe2oO:7pNsX1XHE8CW85zDZeCfKdF
Static task
static1
Behavioral task
behavioral1
Sample
ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
stealc
http://185.172.128.26
-
url_path
/f993692117a3fda2.php
Targets
-
-
Target
ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02
-
Size
306KB
-
MD5
b27582940891aac3757b4570ed01b0d9
-
SHA1
e6969dd7459de0362d5201d780e4cb3ef9465b07
-
SHA256
ef5090b709111fbae4ea36cd8fc13185ef17fd771971236aa57c99f690c91a02
-
SHA512
15ce828d114611371bb4f93095eebf694ad7b3e5b6ffc39dc120ec123563096bca474a382af810c6aacaaf36a59e644ea3f12fa2cc5af96cff2ee43a09223c4c
-
SSDEEP
3072:KCpNsX1XHEWRvPCv+GDNikWGOkVp/Z/B4lCUSDto2EFlVe2oO:7pNsX1XHE8CW85zDZeCfKdF
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-