General
Target: e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
Size: 395KB
Sample: 240429-f23nssbh7y
MD5: 0d012ca8feba5cb6676318dad8b8c00b
SHA1: c40a23f6de4fa9828004ac5283ce0591e8a9cba1
SHA256: e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
SHA512: 9e2a2e7f839dd13cce154fa9273c47111f15affa067b5c9efdac9ccedbbba53cd652c7025aad6cde80d23b58a1bba23a32a2ac127c43a889be490dc84a00435e
SSDEEP: 6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RP:P2R67JCeU13K8JH1ZFKej/81
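The digests and fuzzy hash above are what a responder uses to confirm that a file in hand is this sample and to hunt for near variants. The Python below is an added example written for this page, not output of the sandbox or code from the report: it copies the hash values listed above, checks that each is well-formed, parses the SSDEEP string into its block size and two chunk signatures, and applies the two gates ssdeep uses before it scores a pair (block sizes equal or differing by exactly a factor of two, and a shared 7-character substring). The bytes checked at the bottom are constructed and are not the sample, so every digest is expected to disagree with the report.

```python
"""Sanity checks on the digests and fuzzy hash listed in the report above.

Added example, not part of the sandbox report. Hash values are copied from
the page; the bytes checked in __main__ are constructed and are NOT the
sample, so all four digests are expected to mismatch.
"""
import hashlib
import re

# Digests as listed in the report's General section (copied from the page).
REPORT = {
    "md5": "0d012ca8feba5cb6676318dad8b8c00b",
    "sha1": "c40a23f6de4fa9828004ac5283ce0591e8a9cba1",
    "sha256": "e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245",
    "sha512": "9e2a2e7f839dd13cce154fa9273c47111f15affa067b5c9efdac9ccedbbba53cd652c7025aad6cde80d23b58a1bba23a32a2ac127c43a889be490dc84a00435e",
    "ssdeep": "6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RP:P2R67JCeU13K8JH1ZFKej/81",
}

# Expected hex length of each digest.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def parse_ssdeep(sig):
    """Split an ssdeep string into (blocksize, chunk, double_chunk).

    Format is blocksize:hash1:hash2[,"filename"]; hash1 is computed at the
    block size, hash2 at twice the block size.
    """
    body = sig.split(",", 1)[0]
    parts = body.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    return int(parts[0]), parts[1], parts[2]


def validate_report(report=REPORT):
    """Return a list of problems with the listed hashes (empty when consistent)."""
    problems = []
    for name, length in HEX_LEN.items():
        value = report.get(name, "")
        if len(value) != length or not HEX_RE.match(value):
            problems.append(f"{name}: expected {length} lowercase hex chars")
    try:
        parse_ssdeep(report.get("ssdeep", ""))
    except ValueError as exc:
        problems.append(f"ssdeep: {exc}")
    return problems


def ssdeep_candidate_pairs(sig_a, sig_b):
    """Return the chunk pairs ssdeep would score for two signatures.

    ssdeep only compares chunks computed at the same block size, so the two
    block sizes must be equal or differ by exactly a factor of two; any other
    ratio gives no comparable pair (score 0 without further work).
    """
    ba, a1, a2 = parse_ssdeep(sig_a)
    bb, b1, b2 = parse_ssdeep(sig_b)
    if ba == bb:
        return [(a1, b1), (a2, b2)]
    if ba == 2 * bb:
        return [(a1, b2)]   # A's base chunk vs B's double-block chunk
    if bb == 2 * ba:
        return [(a2, b1)]   # A's double-block chunk vs B's base chunk
    return []


def share_window(chunk_a, chunk_b, window=7):
    """ssdeep's pre-filter (simplified): chunks must share a 7-char substring."""
    grams = {chunk_a[i:i + window] for i in range(len(chunk_a) - window + 1)}
    return any(chunk_b[i:i + window] in grams
               for i in range(len(chunk_b) - window + 1))


def ssdeep_worth_scoring(sig_a, sig_b):
    """True when at least one comparable chunk pair passes the 7-char filter."""
    return any(share_window(x, y) for x, y in ssdeep_candidate_pairs(sig_a, sig_b))


def digests(data):
    """Compute the four cryptographic digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def mismatches(data, report=REPORT):
    """Names of digests of `data` that disagree with the report."""
    computed = digests(data)
    return sorted(name for name in HEX_LEN if computed[name] != report[name])


if __name__ == "__main__":
    print("report problems:", validate_report())
    # Constructed stand-in bytes; not the sample, so all four digests differ.
    print("mismatches vs report:", mismatches(b"MZ\x90\x00not-the-sample"))
```

A 7-character window hit only means the pair is worth scoring; the actual similarity score is the weighted edit distance the ssdeep library computes, which this example leaves to the library.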
Static task: static1
Behavioral task: behavioral1
Sample: e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245.exe
Resource: win7-20240419-en
Malware Config
Extracted
Family: stealc
C2: http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
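The extracted config gives two network indicators: the C2 host and the gate path. The Python below is an added example written for this page, not sandbox output or Stealc code: it takes those two values from the config above and runs them over constructed proxy log lines (timestamp, client, method, URL, status; not real traffic) to separate a full gate hit from traffic that only reaches the host. Note that the behavioral signatures on this page also flag Arechclient2/SectopRAT, so traffic from this sample is not limited to the Stealc gate.

```python
"""Match proxy/web log lines against the Stealc C2 extracted above.

Added example, not part of the sandbox report. C2 host and url_path are
taken from the Malware Config section; the log lines are constructed in a
simple space-separated format and are not real traffic.
"""
from urllib.parse import urlsplit

# Values from the report's Malware Config section.
C2_BASE = "http://185.172.128.151"
C2_PATH = "/7043a0c6a68d9c65.php"
C2_HOST = urlsplit(C2_BASE).hostname

# Constructed log lines (not from the report): ts client method url status.
SAMPLE_LOG = """\
2024-04-29T13:01:02Z 10.0.0.15 GET http://example.com/index.html 200
2024-04-29T13:01:09Z 10.0.0.15 POST http://185.172.128.151/7043a0c6a68d9c65.php 200
2024-04-29T13:01:11Z 10.0.0.15 GET http://185.172.128.151:80/7043A0C6A68D9C65.PHP?x=1 200
2024-04-29T13:02:40Z 10.0.0.22 GET http://185.172.128.151/other.php 404
2024-04-29T13:03:00Z 10.0.0.22 GET http://mirror.example.net/7043a0c6a68d9c65.php 200
"""


def classify_url(url):
    """Return 'c2_gate', 'c2_host' or None for one URL.

    The host is matched after stripping any port; the path is matched exactly
    (a PHP gate on a Unix host is case-sensitive) with the query ignored.
    A host-only match is 'c2_host': worth review, not conclusive by itself,
    and the gate path on some other host is not an indicator at all.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    if parts.path == C2_PATH:
        return "c2_gate"
    return "c2_host"


def scan_log(text):
    """Parse the constructed log format; return (client, method, url, verdict) hits."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the whole scan
        _ts, client, method, url, _status = fields
        verdict = classify_url(url)
        if verdict:
            hits.append((client, method, url, verdict))
    return hits


def clients_hitting_gate(text):
    """Distinct client addresses that reached the C2 gate path."""
    return sorted({c for c, _m, _u, v in scan_log(text) if v == "c2_gate"})


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print("gate clients:", clients_hitting_gate(SAMPLE_LOG))
```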
Targets
Target: e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
Size: 395KB
MD5: 0d012ca8feba5cb6676318dad8b8c00b
SHA1: c40a23f6de4fa9828004ac5283ce0591e8a9cba1
SHA256: e00f4b2363b55221308cfc92b561a7680cf38cb3aed2ab0cb3251c1c1082b245
SHA512: 9e2a2e7f839dd13cce154fa9273c47111f15affa067b5c9efdac9ccedbbba53cd652c7025aad6cde80d23b58a1bba23a32a2ac127c43a889be490dc84a00435e
SSDEEP: 6144:P29OmUzW8qsGKCjyUeQ3KSJJHr1kWhr12uKej6RCM+8RP:P2R67JCeU13K8JH1ZFKej/81
- Detects Arechclient2 RAT: Arechclient2.
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext