General

Target: tmp
Size: 307KB
Sample: 240428-wbpx1sdd2z
MD5: 4c1211ca6acf41a9a2282c3291384bc5
SHA1: 0d405a8e2c8df1621a10adf984c836e29f0a51c5
SHA256: 52aa0c072e5c7fef19391a933cb34b085bf34d258d3fd7603a99907b262d547d
SHA512: 1a7b194c8dba9f99ebb419a5ff2b0918f8ef6b44ee72f00953fd422e0028d9797181c7644e671013743fccea89abeb5e3306f32e94a0ecb4d5e90184cefbef2b
SSDEEP: 3072:P5aM5toPpVYuW+xe0Hu+3bL2U5yWa87D7O4CKZybD+6iHE3CI7I8NU:lssuWO2QXQWxO4FG5mE3CMNU
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20240221-en
Malware Config

Extracted family: stealc
  C2: http://185.172.128.150
  url_path: /c698e1bc8a2f5e6d.php
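An added example (not part of the sandbox report or of any stealc tooling) that turns the extracted config above into indicators and hunts for them in web-proxy logs. The only values taken from the report are the C2 host and url_path; the proxy log lines, client addresses and the Squid-like field layout are constructed for illustration. Matching is done on parsed URL components rather than substrings, so a different port or an appended query string still matches, while a near-miss host such as 185.172.128.15 does not.

```python
"""
Hunt for the stealc C2 from the extracted config in web-proxy logs.
Added example; the log lines below are constructed, not real traffic.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Values taken from the "Malware Config" section of the report.
C2_BASE = "http://185.172.128.150"
C2_URL_PATH = "/c698e1bc8a2f5e6d.php"

# Constructed Squid-like log lines: timestamp, client, result, method, URL.
SAMPLE_PROXY_LOG = """\
1714300000.101 10.0.0.12 TCP_MISS/200 GET http://example.com/index.html
1714300001.220 10.0.0.55 TCP_MISS/200 POST http://185.172.128.150/c698e1bc8a2f5e6d.php
1714300002.330 10.0.0.55 TCP_MISS/200 POST http://185.172.128.150:8080/c698e1bc8a2f5e6d.php
1714300003.440 10.0.0.17 TCP_MISS/404 GET http://185.172.128.15/favicon.ico
1714300004.550 10.0.0.21 TCP_MISS/200 GET http://cdn.example.net/c698e1bc8a2f5e6d.php?x=1
"""


def c2_iocs(base: str, url_path: str) -> Dict[str, str]:
    """Split the extracted config into host, gate path and full gate URL."""
    parts = urlsplit(base)
    return {
        "host": parts.hostname,                       # '185.172.128.150'
        "path": url_path,                             # '/c698e1bc8a2f5e6d.php'
        "url": f"{parts.scheme}://{parts.netloc}{url_path}",
    }


def classify_request(url: str, iocs: Dict[str, str]) -> Optional[str]:
    """
    Return the indicator class a request URL matches, or None.

    'c2'   : host AND gate path match (any port, any query) -> high confidence
    'host' : only the C2 host matches                        -> medium confidence
    'path' : only the gate path matches, on another host     -> weak, worth a look
    """
    parts = urlsplit(url)
    host_hit = parts.hostname == iocs["host"]         # exact host, never a substring match
    path_hit = parts.path.lower() == iocs["path"].lower()
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "host"
    if path_hit:
        return "path"
    return None


def hunt_proxy_log(log_text: str, iocs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, url, indicator_class) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                                  # skip blank or malformed lines
        client_ip, url = fields[1], fields[4]
        kind = classify_request(url, iocs)
        if kind:
            hits.append((client_ip, url, kind))
    return hits


if __name__ == "__main__":
    iocs = c2_iocs(C2_BASE, C2_URL_PATH)
    for client, url, kind in hunt_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(f"{kind:5} {client:12} {url}")
```

Against the constructed log this reports two high-confidence hits from 10.0.0.55 (the second on a non-default port) and one weak path-only hit on a different host; the request to 185.172.128.15 is correctly ignored.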
Targets

Target: tmp (the same file described under General above)
Signatures

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.