General
Target: a13f74416527c6d47df34dd737aa3b83.exe
Size: 309KB
Sample: 240523-nt1hgaeg92
MD5: a13f74416527c6d47df34dd737aa3b83
SHA1: 046a448369b64d7dabc90443387ba7be96d4a07f
SHA256: 2172ea4822a221bbb590482d15054d41d216cb9a4d364c63d141564f7d147a8d
SHA512: 8555190bedbf1b4c669872d9e37275a950a32c392328d4efb60621c6a2e15ecf86cf42620639374b24a5f98bfa0e9f5c7edca37bac1c9be1f1d907abca29abf8
SSDEEP: 3072:F6g6CjPtCJliXngUyBUJmyQLjFkwFH13hFD55muUY:FP6Qt0liXngUXJmFLqwb3vDqX
Static task: static1
Behavioral task: behavioral1
Sample: a13f74416527c6d47df34dd737aa3b83.exe
Resource: win7-20240221-en
Malware Config
Extracted
stealc
default11
http://185.172.128.170
url_path: /7043a0c6a68d9c65.php
Targets
Target: a13f74416527c6d47df34dd737aa3b83.exe
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.