General
Target: e6338bc58800f98b3e631ef96bb81ca0_NEAS
Size: 275KB
Sample: 240507-vn8efsaa89
MD5: e6338bc58800f98b3e631ef96bb81ca0
SHA1: bfd297f691706ab8a395254019f784b4e14e1183
SHA256: b3399180ca036676795483dc9376cde5cd49e81de90b124f7d49ccf447f6c9f3
SHA512: 56465542c08324accc31378d5988314d276d0853f7a400d8a5f36ca439c7fa92aa3b8095558a1b06933d0036a07afd74c4e91c6a3a6c77f504fc1ff995090fb9
SSDEEP: 3072:ABjUoMmq6bGaxjVYnU+wjeKcgfIx7gB323EQjH5eVqENa5:IMmTj4UGgQdgB7Vu
Static task: static1
Behavioral task: behavioral1
Sample: e6338bc58800f98b3e631ef96bb81ca0_NEAS.exe
Resource: win7-20240221-en
Malware Config
Extracted
stealc
http://185.172.128.151
url_path: /7043a0c6a68d9c65.php
Targets
Target
e6338bc58800f98b3e631ef96bb81ca0_NEAS
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.