General
-
Target
d1e360f356f8ac430b5fed34b3a0a660.exe
-
Size
307KB
-
Sample
240428-vp83dace62
-
MD5
d1e360f356f8ac430b5fed34b3a0a660
-
SHA1
7aab5d765bc1c3d29510804bb5dfa14a47722218
-
SHA256
b708baa9b529adc2da4c9dfeef1a7c62d1a9cc231cb82561334de8c0a99cbbdb
-
SHA512
705060b9a70166724a68000f39142cee88d0951b33612f03619f6c40a2c9561a98f9bcdd5e210998d3cef9107b49cc560da22f7749c18a59d4525b593c2166fd
-
SSDEEP
3072:J5a5c3ZPpgukTT1ni8+WbLOT4iNm1jktYRflHMWUn72Z+qPz+yWYeiHEFI7I8NU:F5GuaZRIFmBSYtlHm++q7GmEFMNU
Static task
static1
Behavioral task
behavioral1
Sample
d1e360f356f8ac430b5fed34b3a0a660.exe
Resource
win7-20240220-en
Malware Config
Extracted
stealc
http://185.172.128.151
-
url_path
/7043a0c6a68d9c65.php
Targets
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.