General
-
Target
11a69412aa73af0b6f2a510f359a5c6ee3239f652eb2f42831f3afdf885a0b6d
-
Size
277KB
-
Sample
240608-nm3z1sbb8x
-
MD5
441faf942ce0407bd646c1e281b6dba0
-
SHA1
16d880c6293f149b3bdb7fbf9e1ce30064154485
-
SHA256
11a69412aa73af0b6f2a510f359a5c6ee3239f652eb2f42831f3afdf885a0b6d
-
SHA512
2e80e36e2c6f3b1f49038b3c6006ac00bfa2f4a3a076b6fbcbc965937a3bc434bc369526e18c81f98fe8c4695555fceab82d21bfebdef2ccf47d287a6e10c834
-
SSDEEP
3072:1gQGIYDLT57dIVNFQ3+824w2yj95GsYiq8VG4+221qYuzLxiN4i5Yd:1v/2LT5RGFC2bj959VG4+24qYuHxd
Static task
static1
Behavioral task
behavioral1
Sample
11a69412aa73af0b6f2a510f359a5c6ee3239f652eb2f42831f3afdf885a0b6d.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
Family
stealc
Botnet
default12
C2
http://185.172.128.170
-
url_path
/7043a0c6a68d9c65.php
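The extracted config gives a C2 host and a separate gate path; the two only become a usable indicator once they are joined into the full gate URL. The script below is an added example for this page, not part of the sandbox report or of any vendor tooling: it normalises the config values listed above into indicators and runs them over a few constructed proxy-log lines. The dict key names are my labels for the report's values, and the log format and every log line are constructed for illustration.

```python
"""Turn the extracted Stealc config into hunting indicators and run them
over constructed proxy-log lines.

Added example for this page; not the sandbox's own code. The log format
'<timestamp> <client_ip> <method> <url> <status>' and the sample lines
are constructed here, not captured traffic."""
from urllib.parse import urlsplit, urlunsplit

# Values copied from the "Malware Config" section of this report.
# The key names are labels chosen here, not field names from the report.
EXTRACTED_CONFIG = {
    "family": "stealc",
    "botnet": "default12",            # build/botnet identifier in the config
    "c2": "http://185.172.128.170",
    "url_path": "/7043a0c6a68d9c65.php",
}


def build_iocs(cfg):
    """Normalise the C2 host and gate path into a set of indicators.

    The bare host is a low-confidence indicator (a shared IP may serve
    other content); the full gate URL is high confidence."""
    parts = urlsplit(cfg["c2"])
    full_url = urlunsplit((parts.scheme, parts.netloc, cfg["url_path"], "", ""))
    return {
        "host": parts.hostname,
        "gate_path": cfg["url_path"],
        "gate_url": full_url,
    }


def classify_line(line, iocs):
    """Classify one log line.

    Returns 'gate' for a request to the C2 gate path on the C2 host
    (scheme is ignored on purpose: a TLS variant of the same gate is
    still the same gate), 'host' for any other request to the C2 host,
    or None when the line does not involve the C2 host."""
    fields = line.split()
    if len(fields) < 5:
        return None
    url = urlsplit(fields[3])
    if url.hostname != iocs["host"]:
        return None
    if url.path == iocs["gate_path"]:
        return "gate"
    return "host"


def hunt(lines, iocs):
    """Return (gate_hits, host_hits): lists of matching log lines."""
    gate, host = [], []
    for line in lines:
        verdict = classify_line(line, iocs)
        if verdict == "gate":
            gate.append(line)
        elif verdict == "host":
            host.append(line)
    return gate, host


# Constructed sample log lines (not real traffic). Line 3 reuses the gate
# path on an unrelated host and must not match; line 4 reuses host and
# path over HTTPS and should still count as a gate hit.
SAMPLE_LOG = [
    "2024-06-08T12:00:01Z 10.0.0.5 POST http://185.172.128.170/7043a0c6a68d9c65.php 200",
    "2024-06-08T12:00:02Z 10.0.0.5 GET http://185.172.128.170/ 404",
    "2024-06-08T12:00:03Z 10.0.0.7 GET http://example.com/7043a0c6a68d9c65.php 200",
    "2024-06-08T12:00:04Z 10.0.0.9 GET https://185.172.128.170/7043a0c6a68d9c65.php 200",
]

if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIG)
    gate, host = hunt(SAMPLE_LOG, iocs)
    print("gate URL:", iocs["gate_url"])
    for hit in gate:
        print("C2 gate hit:    ", hit)
    for hit in host:
        print("C2 host contact:", hit)
```

Matching on the host alone is deliberately reported separately from a gate-path match: a hit on the exact gate path is strong evidence of a Stealc check-in, while other traffic to the same IP only warrants a look.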
Targets
-
-
Target
11a69412aa73af0b6f2a510f359a5c6ee3239f652eb2f42831f3afdf885a0b6d
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
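Individually, the behaviours listed above are noisy (installers read Uninstall keys, locale-aware software reads the region setting); together, in one process that also executes something it just dropped, they are a much stronger signal. The script below is an added example for this page, not the sandbox's own signature logic: it correlates those behaviours per process over a constructed event stream. The event schema (a flat dict per event with a `pid`, a `kind` and a path) is constructed, loosely modelled on Sysmon process/file events plus registry object-access auditing, and the registry key and wallet directory names are the ones these checks commonly involve, assumed here rather than taken from this report.

```python
"""Correlate the sandbox behaviours (geofence registry check, Uninstall-key
enumeration, dropped-EXE execution, wallet file access) per process over a
constructed event stream.

Added example for this page, not the sandbox's own detection code.
Event schema is constructed; registry and wallet paths are assumptions."""
from collections import defaultdict

# Assumed locations (not values from this report).
GEO_KEY_SUFFIX = "\\control panel\\international\\geo\\nation"
UNINSTALL_MARKER = "\\currentversion\\uninstall\\"
WALLET_MARKERS = ("\\electrum\\wallets", "\\exodus\\", "\\ethereum\\keystore")
MIN_UNINSTALL_SUBKEYS = 3   # one key is an installer; many is an inventory sweep

SIG_GEO = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_DROPPED = "Executes dropped EXE"
SIG_WALLET = "Accesses cryptocurrency files/wallets"


def _norm(path):
    """Lower-case and use backslashes so matching is case/slash-insensitive."""
    return path.lower().replace("/", "\\")


def correlate(events):
    """Return {pid: sorted list of matched signature names}.

    Expected event kinds (constructed schema):
      reg_read    {pid, path}                 registry value/key read
      file_create {pid, path}                 file written by pid
      file_read   {pid, path}                 file opened for read by pid
      proc_create {pid, child_pid, image}     pid started image as child_pid
    """
    per_pid = defaultdict(lambda: {"uninstall": set(), "dropped": set(), "sigs": set()})
    for ev in events:
        st = per_pid[ev["pid"]]
        kind = ev["kind"]
        if kind == "reg_read":
            p = _norm(ev["path"])
            if p.endswith(GEO_KEY_SUFFIX):
                st["sigs"].add(SIG_GEO)
            idx = p.find(UNINSTALL_MARKER)
            if idx != -1:
                # Count distinct product subkeys, not raw reads of the same one.
                subkey = p[idx + len(UNINSTALL_MARKER):].split("\\")[0]
                if subkey:
                    st["uninstall"].add(subkey)
                if len(st["uninstall"]) >= MIN_UNINSTALL_SUBKEYS:
                    st["sigs"].add(SIG_SOFTWARE)
        elif kind == "file_create":
            p = _norm(ev["path"])
            if p.endswith(".exe"):
                st["dropped"].add(p)
        elif kind == "file_read":
            p = _norm(ev["path"])
            if any(m in p for m in WALLET_MARKERS):
                st["sigs"].add(SIG_WALLET)
        elif kind == "proc_create":
            # "Executes dropped EXE": the image is something this pid wrote earlier.
            if _norm(ev["image"]) in st["dropped"]:
                st["sigs"].add(SIG_DROPPED)
    return {pid: sorted(st["sigs"]) for pid, st in per_pid.items()}


# Constructed events: pid 1000 behaves like the sample, pid 2000 is a
# benign process that touches one Uninstall key and an unrelated file.
UNINSTALL = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
DROPPED = "C:\\Users\\u\\AppData\\Local\\Temp\\svc_upd.exe"
SAMPLE_EVENTS = [
    {"kind": "reg_read", "pid": 1000, "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"kind": "reg_read", "pid": 1000, "path": UNINSTALL + "{AAAA-1}\\DisplayName"},
    {"kind": "reg_read", "pid": 1000, "path": UNINSTALL + "{BBBB-2}\\DisplayName"},
    {"kind": "reg_read", "pid": 1000, "path": UNINSTALL + "{BBBB-2}\\DisplayVersion"},
    {"kind": "reg_read", "pid": 1000, "path": UNINSTALL + "{CCCC-3}\\DisplayName"},
    {"kind": "file_create", "pid": 1000, "path": DROPPED},
    {"kind": "proc_create", "pid": 1000, "child_pid": 1200, "image": DROPPED},
    {"kind": "file_read", "pid": 1000, "path": "C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"},
    {"kind": "reg_read", "pid": 2000, "path": UNINSTALL + "{DDDD-4}\\DisplayName"},
    {"kind": "file_read", "pid": 2000, "path": "C:\\Users\\u\\Documents\\notes.txt"},
]

if __name__ == "__main__":
    for pid, sigs in correlate(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The Uninstall threshold is the tunable part: one or two reads are normal for an installer or updater, while a stealer walking the whole key to fingerprint the host produces a long run of distinct product subkeys in a short window, which is what the Triage signature is describing.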