General
- Target: 943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960
- Size: 343KB
- Sample: 240603-ftte6ace9w
- MD5: 98838eeb4d06a07e71afac347b8b2ec2
- SHA1: 657bdfe3224d1612ed00446f4c80fdd92060ba6b
- SHA256: 943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960
- SHA512: 76961506a8832980bdbe5c31f6e420f2ca3e0005db7610b5d0326138668f2d1ad3f122de33c2cc83113b4783e2a1162916223aa616d8de19f57ba90e4e7b9fe5
- SSDEEP: 3072:vF6jqpdB+SkBaX4Ia+cgQYP8+0INgRh0Er344ueqp357E4D3pg2m78AEA2Y8h4ne:hpdwL9LH7rzSiEplA2Y8h48fIX9apT
Static task: static1
Behavioral task: behavioral1
- Sample: 943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted
- stealc
- default12
- http://185.172.128.170
- url_path: /7043a0c6a68d9c65.php
Targets
- Target: 943255d6251b3a82f00d303c8913678ca8a656b1305555aeb6a6c67a36fa2960 (343KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.