General
Target: 0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d
Size: 310KB
Sample: 240408-akanssah4v
MD5: 4650069a7f73cef6a70e3ccc53d7e343
SHA1: 98de1860dda06558cd21772982bacddad8340d72
SHA256: 0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d
SHA512: ec66681b3f6d4dce3326f48bd7bee1457feccb503d21581a19f2678571954f904e7962c860f329ddb2977b31b712bb138777e70db2a529270b560bec3a37c280
SSDEEP: 3072:MEGW6vBwl1f85XQf+zeF9lfZRrrP+DKDpRxcHP5Rm8ruhad2oO:M/W6Bwf05/zkJZp+hHBRmsKa
Static task: static1
Behavioral task: behavioral1
Sample: 0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.26
url_path: /f993692117a3fda2.php
Targets
Target: 0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d
Size: 310KB
MD5: 4650069a7f73cef6a70e3ccc53d7e343
SHA1: 98de1860dda06558cd21772982bacddad8340d72
SHA256: 0f3eff1680baf401b5fd2823a1958f738a5bfeff649b09fd32ff13bfa7d4523d
SHA512: ec66681b3f6d4dce3326f48bd7bee1457feccb503d21581a19f2678571954f904e7962c860f329ddb2977b31b712bb138777e70db2a529270b560bec3a37c280
SSDEEP: 3072:MEGW6vBwl1f85XQf+zeF9lfZRrrP+DKDpRxcHP5Rm8ruhad2oO:M/W6Bwf05/zkJZp+hHBRmsKa
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
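The behaviours in the signature list above can be checked mechanically against a sandbox API trace, and the extracted C2 host and url_path can be tied to the network calls in the same pass. The following is an added example, not the report's own tooling or code from the sample: the trace format (fields `api`, `key`, `value`, `path`, `access`, `host`, `url_path`) is hand-constructed, the registry keys and wallet directory names it matches are typical locations such stealers read and are assumptions rather than values taken from this report, and only `C2_HOST` and `C2_URL_PATH` come from the extracted config.

```python
"""Match a sandbox API trace against the behaviours in the report above.

Added example, not the report's tooling or the sample's code. The trace format
is hand-constructed for illustration; real sandboxes name these fields
differently. The registry keys and wallet directory names are typical locations
stealers read and are assumptions, not values from the report. C2_HOST and
C2_URL_PATH are the two values from the extracted Stealc config.
"""
import re
from collections import Counter

C2_HOST = "185.172.128.26"             # from the extracted config
C2_URL_PATH = "/f993692117a3fda2.php"  # from the extracted config

# Assumed: registry values that reveal the configured country/language.
GEO_KEYS = (
    r"hkcu\control panel\international\geo\nation",
    r"hklm\system\currentcontrolset\control\nls\language",
)
# Software enumeration via the Uninstall hive (native and WOW6432Node views).
UNINSTALL_RE = re.compile(
    r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)"
)
# Assumed: directory and file names of common wallet clients.
WALLET_RE = re.compile(r"\\(electrum|exodus|ethereum|bitcoin|coinomi)\\|wallet\.dat$")
USER_WRITABLE_RE = re.compile(r"^c:\\(users\\[^\\]+\\appdata\\|programdata\\|windows\\temp\\)")
PE_EXT_RE = re.compile(r"\.(exe|dll)$")

REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW"}


def classify(call, dropped):
    """Return the signature name a single API call hits, or None.

    `dropped` is the set of lower-cased paths of PE files the sample has
    written so far; it is updated in place so later CreateProcess/LoadLibrary
    calls can be tied back to a drop.
    """
    api = call["api"]
    if api in REGISTRY_APIS:
        key = call.get("key", "").lower()
        if key.startswith(GEO_KEYS):          # str.startswith accepts a tuple
            return "Checks computer location settings"
        if UNINSTALL_RE.match(key):
            return "Checks installed software on the system"
    elif api == "CreateFileW":
        path = call.get("path", "").lower()
        if "GENERIC_WRITE" in call.get("access", ""):
            if PE_EXT_RE.search(path) and USER_WRITABLE_RE.match(path):
                dropped.add(path)
                return "Drops MZ/PE file"
        elif WALLET_RE.search(path):
            return "Accesses cryptocurrency files/wallets"
    elif api == "CreateProcessW":
        if call.get("path", "").lower() in dropped:
            return "Executes dropped EXE"
    elif api == "LoadLibraryW":
        if call.get("path", "").lower() in dropped:
            return "Loads dropped DLL"
    elif api == "HttpOpenRequestA":
        if call.get("host") == C2_HOST and call.get("url_path") == C2_URL_PATH:
            return "Contacts extracted C2"
    return None


def scan(trace):
    """Run classify() over a whole trace; returns the hits and a per-signature count."""
    dropped = set()
    hits = []
    for call in trace:
        sig = classify(call, dropped)
        if sig is not None:
            hits.append((sig, call))
    return {"hits": hits, "summary": Counter(sig for sig, _ in hits)}


# Constructed trace for illustration; not taken from the report's sandbox run.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo\Nation", "value": "Nation"},
    {"api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "RegQueryValueExW", "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "value": "DisplayName"},
    {"api": "CreateFileW", "path": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet", "access": "GENERIC_READ"},
    {"api": "HttpOpenRequestA", "host": "185.172.128.26", "url_path": "/f993692117a3fda2.php", "verb": "POST"},
    {"api": "CreateFileW", "path": r"C:\Users\victim\AppData\Local\Temp\update.exe", "access": "GENERIC_WRITE"},
    {"api": "CreateFileW", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll", "access": "GENERIC_WRITE"},
    {"api": "CreateProcessW", "path": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"api": "RegQueryValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "OneDrive"},  # benign, no hit
]

if __name__ == "__main__":
    for sig, n in sorted(scan(SAMPLE_TRACE)["summary"].items()):
        print(f"{n}x {sig}")
```

The "dropped" set is what turns two file writes plus a process start into "Executes dropped EXE" rather than a generic process-create; without that state, any CreateProcessW call would either be ignored or flagged. The C2 match requires both host and url_path, so a connection to the same host on a different path (a shared hosting box, for instance) is not reported as a config match.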