General
Target: 95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806
Size: 158KB
Sample: 240507-3jp2baec8t
MD5: 317465164f61fe462864a65b732ccc13
SHA1: 5b78c41ad423766e9aadae91f902d14a922c8666
SHA256: 95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806
SHA512: 9bc4846a92b7b25e973b42c2cd4895dd15132d0fa1d9ee62e8d7e3679e8bb3b75ae9fb5c6fa165af0f77eaf3e3f75a4d7f60057a0cb22693fc80d89390d09046
SSDEEP: 3072:v5JKjGc9pOW1Bg7ayW1QSZP5+fZ1mlUQj2s:hgGGpZQao+P5KboXj2
Static task: static1
Behavioral task: behavioral1
Sample: 95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: stealc
C2: http://49.13.229.86
url_path: /c73eed764cc59dcb.php
Targets
Target: 95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806 (same file, size and hashes as listed under General)
Signatures
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
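Two of the items above translate directly into detection logic: the extracted C2 (base URL plus url_path) and the "checks installed software" signature, which the report attributes to reads of Uninstall key entries. The following is an added example, not part of the Triage report or of the stealc sample: it joins the extracted config into the gate URL to block, and runs two simple rules over constructed host and network telemetry. Only the hashes, the C2 host and the url_path come from the report; the event records, process paths and registry subkeys in SAMPLE_EVENTS are made up for illustration, and the field names (type, image, key, host, uri) are an assumed telemetry schema rather than any specific product's.

```python
"""Triage the indicators above against host and network telemetry.

Added example, not part of the sandbox report. The event records in
SAMPLE_EVENTS are constructed for illustration; only the hashes, C2 host
and url_path come from the report.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

# Indicators taken from the report.
SAMPLE_SHA256 = "95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806"
C2_BASE = "http://49.13.229.86"
C2_URL_PATH = "/c73eed764cc59dcb.php"

# Matches the Uninstall hive under any root key, native or WOW6432Node view,
# and captures the per-application subkey that was read.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)


def full_c2_url(base: str, url_path: str) -> str:
    """Join the extracted base URL and url_path into the gate URL to block."""
    p = urlsplit(base)
    return urlunsplit((p.scheme, p.netloc, url_path, "", ""))


def uninstall_enumerators(events, min_subkeys: int = 2):
    """Return images that read at least min_subkeys distinct Uninstall subkeys.

    One read (an installer checking its own entry) is normal; walking many
    subkeys is the 'checks installed software' behaviour flagged in the report.
    """
    seen = defaultdict(set)
    for ev in events:
        if ev.get("type") != "registry":
            continue
        m = UNINSTALL_KEY.search(ev["key"])
        if m:
            seen[ev["image"]].add(m.group(1).lower())
    return sorted(img for img, keys in seen.items() if len(keys) >= min_subkeys)


def c2_contacts(events):
    """Return images that issued an HTTP request to the extracted C2 gate."""
    host = urlsplit(C2_BASE).hostname
    return sorted({ev["image"] for ev in events
                   if ev.get("type") == "http"
                   and ev["host"] == host
                   and ev["uri"].split("?", 1)[0] == C2_URL_PATH})


def detect(events):
    """Map rule name -> offending images for the signatures on this page."""
    return {
        "uninstall_key_enumeration": uninstall_enumerators(events),
        "stealc_c2_http": c2_contacts(events),
    }


# Constructed telemetry (not from the sandbox run): the sample walks the
# Uninstall hive and posts to the gate; msiexec, explorer and a browser are
# benign noise that the rules must not flag.
SAMPLE_IMG = r"C:\Users\Admin\AppData\Local\Temp\95674cb006bfca36cd0e0f9b80ef0ed240c64f2ee955d9dd4af8102a0c4d9806.exe"
SAMPLE_EVENTS = [
    {"type": "registry", "image": SAMPLE_IMG, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"},
    {"type": "registry", "image": SAMPLE_IMG, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion"},
    {"type": "registry", "image": SAMPLE_IMG, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217011FF}\DisplayName"},
    {"type": "registry", "image": r"C:\Windows\System32\msiexec.exe", "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217011FF}\DisplayName"},
    {"type": "registry", "image": r"C:\Windows\explorer.exe", "op": "QueryValue",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "http", "image": SAMPLE_IMG, "host": "49.13.229.86",
     "method": "POST", "uri": "/c73eed764cc59dcb.php"},
    {"type": "http", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "host": "example.org", "method": "GET", "uri": "/index.html"},
]

if __name__ == "__main__":
    print("block:", full_c2_url(C2_BASE, C2_URL_PATH))
    for rule, images in detect(SAMPLE_EVENTS).items():
        print(rule, "->", images or "none")
```

The registry rule counts distinct subkeys per process rather than firing on the first read, so a legitimate installer touching its own entry stays quiet while a process sweeping the hive trips it; the network rule compares the host and the path without the query string, since a gate URL is typically reused with varying parameters.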