General
-
Target
7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
-
Size
396KB
-
Sample
240617-t8t7wszenk
-
MD5
51c1bc9607fc8496a6aa6c8613dd022a
-
SHA1
6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9
-
SHA256
7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
-
SHA512
274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e
-
SSDEEP
6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq
Behavioral task
behavioral1
Sample
7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
blackguard
https://api.telegram.org/bot6948010821:AAEJfl5iNgu_Z6rr2SH3SeV22wpex-Pltwo/sendMessage?chat_id=6841140670
Extracted
sharpstealer
https://api.telegram.org/bot6948010821:AAEJfl5iNgu_Z6rr2SH3SeV22wpex-Pltwo/sendMessage?chat_id=6841140670
-
max_exfil_filesize
1.5e+06
-
proxy_port
168.235.103.57:3128
-
vime_world
false
Targets
-
-
Target
7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
-
Size
396KB
-
MD5
51c1bc9607fc8496a6aa6c8613dd022a
-
SHA1
6d2a4f6056d51ae6b6171b42cc16713c5f6bedb9
-
SHA256
7a16c2b2c3a81b375c1fb4552dd32bc2d3a84aa1d6e644cd20c07ad220c83e5f
-
SHA512
274b0c18c57511d46d160fe675f3d69b7fed716ec4ccb81b89ba3b751fa1f8b014416b7af2e7564fecf2f88bb27e143c1b61bd9097db30f29f689c4ad9b5002e
-
SSDEEP
6144:bbODqpwPEuxGH6OrwX3pwzZwEq7EtE6rBpgw6Om92BUz7BJwaPEqrPlTu3q:byPPDLOrwX3pwzZwoB7M2uvfwARaq
Score10/10-
Sharp Stealer
Sharp Stealer is an infostealer first observed in 2024, based on Echelon and Umbral stealers.
-
Sharpstealer family
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-