General
- Target: dd1380805c9f165a1c4ed1c2be6f21c2ddff3152a816246744ae3150f43c5fef
- Size: 322KB
- Sample: 240607-j6fxdadb5s
- MD5: a91b2c191341a5cdaee48108df0b5036
- SHA1: 60031084704a8bc2ec0300170b3505bee9d1b74a
- SHA256: dd1380805c9f165a1c4ed1c2be6f21c2ddff3152a816246744ae3150f43c5fef
- SHA512: 5a221d7c04989341042c11fae68a5d664a32c02664a722a376c9504e01a67c53a050e9fc2067d9f90414be616a2a1ac4a4e9dcff25eb3852c28f25a04915061a
- SSDEEP: 3072:OsELu3lHXE7Uop/QWNcPwJ9HIcJ7IMnjKzXc+ntlIjd25vmwJhX:OHLu3l3EBY2coj79IM8M+ntjzP
Static task: static1
Behavioral task: behavioral1
- Sample: dd1380805c9f165a1c4ed1c2be6f21c2ddff3152a816246744ae3150f43c5fef.exe
- Resource: win10v2004-20240508-en

Malware Config
Extracted
- Family: stealc
- Botnet: default12
- C2: http://185.172.128.170
- url_path: /7043a0c6a68d9c65.php
Targets
- Target: dd1380805c9f165a1c4ed1c2be6f21c2ddff3152a816246744ae3150f43c5fef
- Size: 322KB
- MD5: a91b2c191341a5cdaee48108df0b5036
- SHA1: 60031084704a8bc2ec0300170b3505bee9d1b74a
- SHA256: dd1380805c9f165a1c4ed1c2be6f21c2ddff3152a816246744ae3150f43c5fef
- SHA512: 5a221d7c04989341042c11fae68a5d664a32c02664a722a376c9504e01a67c53a050e9fc2067d9f90414be616a2a1ac4a4e9dcff25eb3852c28f25a04915061a
- SSDEEP: 3072:OsELu3lHXE7Uop/QWNcPwJ9HIcJ7IMnjKzXc+ntlIjd25vmwJhX:OHLu3l3EBY2coj79IM8M+ntjzP
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.