General
- Target: 1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf.exe
- Size: 246KB
- Sample: 240408-bgzn7acc25
- MD5: 2b4753b31c97e20e1b05248a072777a8
- SHA1: ba028965fb79b894ab0b65a563805768d229825a
- SHA256: 1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf
- SHA512: a74fb26724e595577fb62401c11dcf84cbf68f96f6c1dcee54c79a78d9391fc2bcff36073da435eff4e86206863566a653446cd6afa722442533034fd2c78bd9
- SSDEEP: 3072:BW9dnF3MZ+55A1Xrb8xIaHYorTGp14UyDxQuKwZQ:kfnF3o+5qAploKxQ
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf.exe
- Resource: win7-20240319-en
Malware Config
Extracted
- Family: stealc
- C2: http://62.113.119.199
- url_path: /c9cac53e5e9ec7ba.php
Targets
- Target: 1d4923625c054327eb063bc0dfc74578ff43847e9d57d3332664326b264b12cf.exe
- Detects binaries embedding a considerable number of MFA browser extension IDs.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.