General
Target: 0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f
Size: 270KB
Sample: 240607-szzkksbe55
MD5: 7e9bd88fc9da1bb16b89be6c0198e472
SHA1: cd800bfca4fd39e99c43d3360ecef8be7779dc1a
SHA256: 0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f
SHA512: 33d7d18ed33ecf1eed4911ad49db799fb0732aa48f8183f0f6e34ef671fc93223d948736b09b36035c4c1a3e3b9662a34cd4cd5dd695977b287927232f12497d
SSDEEP: 3072:hOyLANxE76HVe+JLk4bKF33H2r+S5ArQ4T:hBLANCeHVe+633jv
Static task: static1
Behavioral task: behavioral1
Sample: 0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted
Family: stealc
default12
C2: http://185.172.128.170
url_path: /7043a0c6a68d9c65.php
Targets
Target: 0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f
Size: 270KB
MD5: 7e9bd88fc9da1bb16b89be6c0198e472
SHA1: cd800bfca4fd39e99c43d3360ecef8be7779dc1a
SHA256: 0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f
SHA512: 33d7d18ed33ecf1eed4911ad49db799fb0732aa48f8183f0f6e34ef671fc93223d948736b09b36035c4c1a3e3b9662a34cd4cd5dd695977b287927232f12497d
SSDEEP: 3072:hOyLANxE76HVe+JLk4bKF33H2r+S5ArQ4T:hBLANCeHVe+633jv

Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
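The following is an added hunting example, not part of the sandbox report, that turns the extracted Stealc config (C2 host and url_path) and the behavioural signatures listed above into checks a responder can run over their own telemetry. The hash and C2 values are copied from this report; the proxy log lines and the API-trace records are constructed for illustration, and the registry and wallet paths used to approximate the "location settings", "installed software" and "cryptocurrency wallets" signatures are assumptions about what those signatures correspond to, not something the report states.

```python
"""Hunt for the Stealc indicators from this report in constructed telemetry.

Added example; not the sandbox's own code. IOC values are from the report,
all log data below is constructed, and the registry/wallet paths are assumed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from the report above.
C2_HOST = "185.172.128.170"
C2_PATH = "/7043a0c6a68d9c65.php"
SAMPLE_HASHES = {
    "md5": "7e9bd88fc9da1bb16b89be6c0198e472",
    "sha1": "cd800bfca4fd39e99c43d3360ecef8be7779dc1a",
    "sha256": "0bbc18422196964dd5fd7d97b5e64bddcf92277fba3b953c141bda500892253f",
}

# Assumed mapping of the report's behavioural signatures to artefacts
# (lower-cased because the matcher lower-cases every path it sees).
GEO_NATION_KEY = r"control panel\international\geo\nation"      # "Checks computer location settings"
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"   # "Checks installed software"
WALLET_MARKERS = ("wallet.dat", "\\electrum\\", "\\exodus\\", "\\ethereum\\keystore")  # "Accesses cryptocurrency wallets"

# Constructed squid-style proxy log: one hit on the exact C2 URL, one on the
# C2 host with a different path, one benign request.
PROXY_LOG = """\
1717800001.123    210 10.0.0.15 TCP_MISS/200 1843 POST http://185.172.128.170/7043a0c6a68d9c65.php - HIER_DIRECT/185.172.128.170 text/html
1717800002.456     80 10.0.0.15 TCP_MISS/200 512 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1717800003.789    150 10.0.0.22 TCP_MISS/200 1200 POST http://185.172.128.170/other.php - HIER_DIRECT/185.172.128.170 text/html
"""
PROXY_RE = re.compile(r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")


def match_proxy_log(text):
    """Return (client, method, url, reason) for requests to the C2 host.

    An exact host+path match is a stronger signal than the host alone, so the
    two cases are labelled differently.
    """
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        if u.hostname != C2_HOST:
            continue
        reason = "stealc_c2_url" if u.path == C2_PATH else "stealc_c2_host"
        hits.append((m["client"], m["method"], m["url"], reason))
    return hits


def hash_matches(data):
    """Compare a file's digests with the sample's hashes; one dict entry per algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in SAMPLE_HASHES.items()}


# Constructed API trace in the shape a sandbox or EDR might emit.
API_TRACE = [
    {"api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "RegEnumKeyExW", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "CreateFileW", "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"api": "WriteFile", "path": r"C:\Users\u\AppData\Local\Temp\upd.exe", "magic": "MZ"},
    {"api": "CreateProcessW", "path": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"api": "CreateFileW", "path": r"C:\Windows\System32\kernel32.dll"},
]


def match_behaviour(trace):
    """Return the set of report signatures the trace reproduces.

    "Executes dropped EXE" needs state: a PE written by the process and later
    started from the same path.
    """
    fired, dropped = set(), set()
    for ev in trace:
        api, p = ev["api"], ev["path"].lower()
        if api.startswith("Reg") and p.endswith(GEO_NATION_KEY):
            fired.add("Checks computer location settings")
        elif api.startswith("Reg") and UNINSTALL_KEY in p:
            fired.add("Checks installed software on the system")
        elif api == "CreateFileW" and any(mk in p for mk in WALLET_MARKERS):
            fired.add("Accesses cryptocurrency files/wallets")
        elif api == "WriteFile" and ev.get("magic") == "MZ":
            dropped.add(p)
        elif api == "CreateProcessW" and p in dropped:
            fired.add("Executes dropped EXE")
    return fired


if __name__ == "__main__":
    for hit in match_proxy_log(PROXY_LOG):
        print("network:", hit)
    print("hash match on dummy bytes:", hash_matches(b"not the sample"))
    print("behaviour:", sorted(match_behaviour(API_TRACE)))
```

The network matcher keys on the host first and only then on the PHP path, because Stealc C2 paths on a given host can change between builds while the host is the stabler indicator; treat a host-only hit as worth triage rather than as a confirmed infection.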