General
-
Target
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f.exe
-
Size
347KB
-
Sample
240430-cg52mshc63
-
MD5
850a2a0eee8fe41dc2b84bcf4f692aa2
-
SHA1
f5e822915d65c96bdb32f441651aaa0ed2884201
-
SHA256
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f
-
SHA512
df839bcc45fcfebd776b21bbd85948fc69f50110fd3cabf7a53cda39edafd543a86fa40b200df4a45e5022651a2e538d888be3cf8addd6171e2c24d223f2d479
-
SSDEEP
6144:qQnVK4NKrO3Eg2ASnfP10KVEI9iBmxf4AUkF10KobAMGuRcEEI7lpg2QF:+4NKh1RnfP1bVH9iB+PUkF10BhGuRNEp
Static task
static1
Behavioral task
behavioral1
Sample
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
stealc
http://185.172.128.151
-
url_path
/7043a0c6a68d9c65.php
Targets
-
-
Target
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f.exe
-
Size
347KB
-
MD5
850a2a0eee8fe41dc2b84bcf4f692aa2
-
SHA1
f5e822915d65c96bdb32f441651aaa0ed2884201
-
SHA256
eda9de6005d8b240fcd625ca6e2c2ec385343f2fb88c9d7233892e8302488a9f
-
SHA512
df839bcc45fcfebd776b21bbd85948fc69f50110fd3cabf7a53cda39edafd543a86fa40b200df4a45e5022651a2e538d888be3cf8addd6171e2c24d223f2d479
-
SSDEEP
6144:qQnVK4NKrO3Eg2ASnfP10KVEI9iBmxf4AUkF10KobAMGuRcEEI7lpg2QF:+4NKh1RnfP1bVH9iB+PUkF10BhGuRNEp
-
SectopRAT payload
-
Detect binaries embedding considerable number of MFA browser extension IDs.
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-