General
Target: ac895bbc531d01fcc5a113363c9e8950f8a5402da8515a6625e2183ab75977b4
Size: 319KB
Sample: 240505-2thvbabe76
MD5: 4059a762257584d6d8aa15a8382fc687
SHA1: 4d19251d17a8200a108fc444916adef1a306457f
SHA256: ac895bbc531d01fcc5a113363c9e8950f8a5402da8515a6625e2183ab75977b4
SHA512: 7ef76307d8762be294182c0614286a62a8be3086b383d2afb31279f4f70a9c2c3f2b256ef4facb56595260d965b5822ce5c6438b9a4d2e8addfa03a6ad0b3f87
SSDEEP: 3072:L6NwyT1Q6MpwbeRliKllGV+qxuCHc1bdft3kYPCCeGOc4pWANfOKmRSCTnt15JJS:Ma3/RYKCVY5dFj/eFJfOK4fTnt13rK0
Static task: static1
Behavioral task: behavioral1
Sample: ac895bbc531d01fcc5a113363c9e8950f8a5402da8515a6625e2183ab75977b4.exe
Resource: win7-20240221-en
Malware Config
Extracted: stealc
http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
Targets
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.