General
Target: d3426eefc87c0dc419603220907c90dc5db259b94ce235105b298867910c0f83.exe
Size: 348KB
Sample: 240430-ccp5maha97
MD5: 4aee9b9dddf220182e1d0d1f00e7797e
SHA1: baee6f3a49bdc309e86c8fb52d1072197fe19e14
SHA256: d3426eefc87c0dc419603220907c90dc5db259b94ce235105b298867910c0f83
SHA512: 28babc86fa034ec394518dbf990c68842d13c4557cff81c0609454a60eb79ade1773422d857551f447aeb717a4919d9c3f8fcabf4f4cb8dd37a60f9961ee1fa2
SSDEEP: 6144:rduS03pdQbVg12jXuaGWkJ0Oey7lZr1asn3e5mV/9+D9f/a4ENTUh8d5a1:ZoXQHy3WkH8sn3e5maa4MY
Static task: static1
Behavioral task: behavioral1
Sample: d3426eefc87c0dc419603220907c90dc5db259b94ce235105b298867910c0f83.exe
Resource: win7-20240215-en
Malware Config
Extracted family: stealc
C2: http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
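The extracted config gives a C2 host and a gate path. The following is an added example (not part of the sandbox report) showing how to turn those two values into a proxy-log check. The log lines are constructed in a Squid access.log-like layout and are not real traffic; only the host and URL path come from the report. Matches are tiered: host plus exact path is the strong indicator, host alone is kept as a weaker signal because the IP may serve other content.

```python
"""Match web-proxy log lines against the stealc C2 taken from the report.

Added example, not part of the sandbox report. Log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Copied from the report's Malware Config block.
C2_HOST = "185.172.128.151"
C2_PATH = "/7043a0c6a68d9c65.php"

# Constructed sample log lines (not real traffic). Fields: timestamp, elapsed,
# client IP, status, bytes, method, URL, user, hierarchy, content type.
SAMPLE_LOG = """\
1714450001.123 305 10.0.0.21 TCP_MISS/200 1832 POST http://185.172.128.151/7043a0c6a68d9c65.php - HIER_DIRECT/185.172.128.151 text/html
1714450002.456 120 10.0.0.22 TCP_MISS/200 512 GET http://185.172.128.151/robots.txt - HIER_DIRECT/185.172.128.151 text/plain
1714450003.789 98 10.0.0.23 TCP_MISS/200 4096 GET http://example.com/index.php - HIER_DIRECT/93.184.216.34 text/html
1714450004.000 210 10.0.0.24 TCP_MISS/200 2048 POST http://185.172.128.151:8080/7043a0c6a68d9c65.php?x=1 - HIER_DIRECT/185.172.128.151 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify(url: str):
    """'c2' for an exact host+path match, 'host' if only the host matches, else None.

    urlsplit().hostname drops any port and .path drops the query string, so a
    non-default port or appended parameters do not defeat the match.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "host"


def scan(log_text: str):
    """Return (client, method, verdict) for every line that touches the C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group("url"))
        if verdict is not None:
            hits.append((m.group("client"), m.group("method"), verdict))
    return hits


if __name__ == "__main__":
    for client, method, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:4} {client} {method}")
```

Run against a real export, feed the file contents to scan(); treat "c2" hits as confirmed beaconing and "host" hits as leads to review, since a shared or rotated IP alone does not prove the infection.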
Targets
Target: d3426eefc87c0dc419603220907c90dc5db259b94ce235105b298867910c0f83.exe (size and hashes as listed under General)
Signatures
- SectopRAT payload
- Detects binaries embedding a considerable number of MFA browser extension IDs.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext (the API used to redirect a thread in process hollowing and similar injection)
Note: the config extractor attributes the sample to stealc while the signature match names a SectopRAT payload; verify the family against the C2 traffic before reporting it.
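Two of the signatures above are registry reads, which Sysmon does not record (its registry events cover key create/delete, value set and rename only), so a host-side hunt needs a Process Monitor export, an ETW registry trace or a sandbox API log. The following is an added example, not part of the sandbox report, that flags both behaviours in Procmon CSV output. It assumes the "country code" lookup is the GeoID value HKCU\Control Panel\International\Geo\Nation and the "Uninstall key" is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall; the CSV rows are constructed, not captured.

```python
r"""Flag the report's two registry behaviours in a Process Monitor CSV export.

Added example, not part of the sandbox report. Assumed registry paths:
  GeoID  -> HKCU\Control Panel\International\Geo\Nation
  Uninstall -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
The CSV rows are constructed in Procmon's default column layout.
"""
import csv
import io

GEO_NATION_VALUE = r"HKCU\Control Panel\International\Geo\Nation"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed Procmon export. explorer.exe is included on purpose: a lone
# GeoID read is normal desktop behaviour and must not fire by itself.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01.0000001","sample.exe","1234","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS","Desired Access: Read"
"12:00:01.0000002","sample.exe","1234","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"12:00:01.0000003","sample.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"12:00:01.0000004","sample.exe","1234","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"12:00:01.0000005","sample.exe","1234","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: Google Chrome"
"12:00:01.0000006","explorer.exe","800","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
'''


def triage(csv_text: str):
    """Count geofence-check and software-enumeration operations per (process, pid)."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        op, path = row["Operation"], row["Path"].lower()
        if op == "RegQueryValue" and path == GEO_NATION_VALUE.lower():
            tag = "geofence_check"
        elif op in ("RegOpenKey", "RegEnumKey", "RegQueryValue") and path.startswith(UNINSTALL_KEY.lower()):
            tag = "software_enumeration"
        else:
            continue
        proc = (row["Process Name"], int(row["PID"]))
        counts = hits.setdefault(proc, {})
        counts[tag] = counts.get(tag, 0) + 1
    return hits


def suspicious(hits):
    """Processes showing both behaviours; either one alone is too common to act on."""
    return sorted(p for p, c in hits.items()
                  if "geofence_check" in c and "software_enumeration" in c)


if __name__ == "__main__":
    found = triage(SAMPLE_CSV)
    for proc, counts in found.items():
        print(proc, counts)
    print("suspicious:", suspicious(found))
```

The per-process aggregation is the point: GeoID reads and Uninstall enumeration each have plenty of benign callers, and it is the same process doing both, typically followed by the wallet and browser-extension access the other signatures describe, that separates the stealer from installers and shell components.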