General
Target: ebd8f511c5066f1e1c791263557a63f575621dd4141cef0263a5749400506ffc
Size: 275KB
Sample: 240505-hjw5eadd72
MD5: 66250443505c195c101d2e147425fc6d
SHA1: 3e52cc082a545fc63b5a7cb4899eb5fbc3f56029
SHA256: ebd8f511c5066f1e1c791263557a63f575621dd4141cef0263a5749400506ffc
SHA512: 43b7025b425ca979dad89353b91afeb7491ed4a655381c8765e9a4ed01df609655234ccc142f55b5e08eb9351e51bd838750e8e6f159e357b43d46455cb0c019
SSDEEP: 3072:C5M3v8mSFB+6xEsKpsnxu4DQVC81T0YJo5ff8U7H5jcaJhDWlMkLg58:J8frxvu4EVfWH8UZX3DWlv+
Static task: static1
Behavioral task: behavioral1
Sample: ebd8f511c5066f1e1c791263557a63f575621dd4141cef0263a5749400506ffc.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: stealc
http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
Targets
Target: ebd8f511c5066f1e1c791263557a63f575621dd4141cef0263a5749400506ffc
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.