General
- Target: 230865fa88ed3b88b8d90aff935a4e7b275d658a39633836986b6b8431673ea1
- Size: 270KB
- Sample: 240607-th4cwaag71
- MD5: e8717dad22d9e07bc91ec2f2200fcb05
- SHA1: 2b05cfebb009a6c80bedc817fb73aaaed29aaa27
- SHA256: 230865fa88ed3b88b8d90aff935a4e7b275d658a39633836986b6b8431673ea1
- SHA512: 7f1d2129a656d09498df90138c9f8b6471d8ee8f043aa613c130a834ac57097b901b6e986ec00db792a72fb51d3bffa69f9370632084c30e6f74bbe243b65c65
- SSDEEP: 3072:6bGL4Nu2NeAov/3oZ/XgcV3RDu0m3q2YDgIf5YrQy:6aL4NzoVvq/w+RDuKqX
- Static task: static1
- Behavioral task: behavioral1
- Sample: 230865fa88ed3b88b8d90aff935a4e7b275d658a39633836986b6b8431673ea1.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted: stealc
- default12
- http://185.172.128.170
- url_path: /7043a0c6a68d9c65.php
Targets
- Target: 230865fa88ed3b88b8d90aff935a4e7b275d658a39633836986b6b8431673ea1
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.