General
Target: ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349
Size: 396KB
Sample: 240429-fxf91abd89
MD5: e305d23a64674aaf3f27d1c708a5f2cd
SHA1: 0c6fe3bde396790cbfb6efaa0e7b813d000e1393
SHA256: ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349
SHA512: 65e5987329a6a396b433c5c2e206331ef862a26f575ab7d1034597442cc58fda9f685034173f0859f8ee327724a7806f6da37a46b9325ba257625964f4fe9be7
SSDEEP: 6144:4iKdFPyXpDopFPAWs9Q9NEZRXW4XU3XRkocJoH8YOi8HLo:lj5DqWQ9qZZWCeRTlcYOT8
Static task: static1
Behavioral task: behavioral1
Sample: ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349.exe
Resource: win7-20240419-en
Malware Config
Extracted: stealc
http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
Targets
Target: ab67d5dcf0959eb53cde8b4387b18ff89058868197793ac3c01f3eff5fa03349
Detects Arechclient2 RAT: Arechclient2.
SectopRAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext