General
Target: cstealer.rar
Size: 17.7MB
Sample: 240619-ptjqdsvell
MD5: bc1f41e6a3c26be8c3e71475c329e0ee
SHA1: 122e92c7bed062c7cdc00422d833eb23af3db18f
SHA256: bf24ee31a0cb06f3e27335000a7e40a892333ed85206810d2589c06eea125452
SHA512: 4e20fc3294bf4c78ca29c28b9fff6e59713ed61b1aff344917e29e4c1c25c44f313025c214a72b8596071f7fb7321c93399290fb52c2eb2099507b347f8b85ca
SSDEEP: 393216:y7UT2PLR4QTR1nozhq6afgRQEncrYf/2ZcX2u5aLN+iFdnrkSH7o1:y7UajFRZ8hq6aG4E2uGuMdrkSM
Behavioral tasks
behavioral1: Sample cstealer.exe, Resource win7-20240611-en
behavioral2: Sample cstealer.exe, Resource win10v2004-20240611-en
behavioral3: Sample install.bat, Resource win7-20240508-en
behavioral4: Sample install.bat, Resource win10v2004-20240611-en
Malware Config
Targets

Target: cstealer.exe
Size: 17.0MB
MD5: a6db29acc6576e27e414647a1d642b61
SHA1: 9ea234983ef05267e74f19dd154c7ff3ec857ac7
SHA256: beb8b8e68f348aa1af7a722cd2ae3cc9591b8035b3d0eb28b9e71766e1c77663
SHA512: 0995a997c96c9438a0185e19df34ac0966a6813aeb5eb773354b301e12251842b1841d3acbda898ccce24bc9bf67a3d0d88aeaf484cd6289c27f7786f43f336a
SSDEEP: 393216:6Ek4gf8URP8AxYDX1+TtIiFGuvB5IjWqn6eCzOVaFXUX:6wbUaX71QtIZS3ILn6eva8
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: install.bat
Size: 49B
MD5: ebeaccf4443e852caac1dd62952d3c43
SHA1: 02ce957a5144a3dfd1558cb71183b437f6ae37c8
SHA256: ebda70b1032e47f5e35e1de47d993d8d8e0d3718e6d4f345ce6432f6dcffb705
SHA512: 34324a97ceb9dd7ac46a4906ae049fbd225ed904bcd85dc0b029ff6e66353d07e41d019c2a8139205a35b492c3f2aee8f674c14019b7006a9672f8bd6d072a49
Score: 1/10