General
- Target: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
- Size: 396KB
- Sample: 240429-fkj55abd3w
- MD5: bf4f63cbcc06bf2ae575ea3778e023c1
- SHA1: ba9a6a28bfa25886b389afb4dc0e57a1d48eeeb8
- SHA256: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
- SHA512: 992e3a0680da57fb60060628d56ca974a552a6e266864fad690108c38bbcdf94a6611b008fa2f0568cc0aa7f7a780ab57fb47288209206ecd8ac3158dca2f3b7
- SSDEEP: 6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d:sUyaySdnLXvoTmWol4b1j4

Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43.exe
- Resource: win7-20240221-en

Malware Config
Extracted
- Family: stealc
- C2: http://185.172.128.151
- url_path: /7043a0c6a68d9c65.php
Targets
- Target: 3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43
Signatures
- Detects Arechclient2 RAT: Arechclient2.
- SectopRAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext