General
Target: fa38bc50e82c0b00890b3234017ee1c0446f48114e700717f69d12dfb5c7d043.exe
Size: 347KB
Sample: 240428-cpxegaea74
MD5: 5ec61087c62b7253d45b72e19c096b5f
SHA1: 90658f4eec68c48a2764acdd86d4ebf8757a27d3
SHA256: fa38bc50e82c0b00890b3234017ee1c0446f48114e700717f69d12dfb5c7d043
SHA512: 71c3071214ac76f9a98c9a86eeb9234c28630a44d533714b85dce8867641de18db7283d4995bfd773434f03646fcd1ab3b79e65ad0210d79c9a5e4f670ca736a
SSDEEP: 6144:8o+4WgjZb/JFOtrrcQfDowFsTPgZvaRGbmDgAsWrJhUN5m8BO:5ZjZb/JfQboRTAvaYykBAfF
Static task: static1
Behavioral task: behavioral1
Sample: fa38bc50e82c0b00890b3234017ee1c0446f48114e700717f69d12dfb5c7d043.exe
Resource: win7-20240215-en

Malware Config
Extracted: stealc
http://185.172.128.76
url_path: /8681490a59ad0e34.php
Targets
Target: fa38bc50e82c0b00890b3234017ee1c0446f48114e700717f69d12dfb5c7d043.exe
- SectopRAT payload
- Detects binaries embedding a considerable number of MFA browser extension IDs.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext