General
-
Target
c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
-
Size
386KB
-
Sample
240427-pe7hxaac97
-
MD5
e9ee25d6346a739ce3778abc33690869
-
SHA1
27cf4a90bd47c2d41d274ec9ec16f1a7dde6ed01
-
SHA256
c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5
-
SHA512
e5d35baed3c0eb5a60717f85c520b940471ae53d9a44e9681a482d62bb420b37fe59ce98a9903c29eb39c2f99550070d22c94fc1d7ddc8ff61e042cc672f9417
-
SSDEEP
6144:USzVvkBage3IgFEbPijF94P0JK4oivly+5Nicq8mDLKQH8q8am6mW:DZnFEbqBrK7T6ic237X
Static task
static1
Behavioral task
behavioral1
Sample
c4fe8cdeb88bcf53388a069bbb60a3dd49c4a08008c2fa8af0977120c8ddc0a5.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.111
-
url_path
/f993692117a3fda2.php
Targets
-
SectopRAT payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-