General
Target: 6a1950539f96cbb2cf816a413a68e07f.exe
Size: 311KB
Sample: 240428-czqpnsef3z
MD5: 6a1950539f96cbb2cf816a413a68e07f
SHA1: 6bff7074f3bfc7dfa00dd188ab8b620a8d986cc7
SHA256: aa26475eeea5b19d3d052637a9e988e0250ae16190807889fc255065687c8780
SHA512: be12aa463be7df2d66e6fbda1bb9eb783328b72e4b001904574d9541b9e13ad343e3e58f0febdf1196d39d69835b60a3bd475d3ed978945415f423c4fc0ef02d
SSDEEP: 3072:t1K1Gr12pK4q+LM6B+uTzLzX0z1eQZvjOG7cZIORHw1zjyMwWF96ZYikkZ7ODE:6obaX5ykZBRQ1zjyM10YiJODE
Static task: static1
Behavioral task: behavioral1
Sample: 6a1950539f96cbb2cf816a413a68e07f.exe
Resource: win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.76
url_path: /8681490a59ad0e34.php
Targets
Target: 6a1950539f96cbb2cf816a413a68e07f.exe
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.