General

Target: CheatKeys__Application_66941d6bd945d.zip
Size: 159.8MB
Sample: 240714-xgrjgavflh
MD5: 35d6439feb2e5ff5e7df97961f6b0297
SHA1: 8d86717151633ff9180136a4686554e672aede9f
SHA256: 1d4b32c4ba025e745eff6d741e7baa97f1b8ef190a1e028e1d8dca45a1b97de9
SHA512: ee056bdfaeaf1f5aff255fe72f3c599222eb6e6aa33fd3eec1a95a3f59f819449158df43e8217e8d3b528f4ab89680dbdf9853fef36440c2c12fafcacb7822ac
SSDEEP: 3145728:0zkvMBiaLXxsfGxSfC8/VeG/SjiHd8rwYsWxn0kWfy1Eg3V:0zMeaexTAFq2HmrbsWcaEu
Static task: static1

Malware Config

Extracted:
- stealc
- default
- http://testyregerglegrjerg.top
- url_path: /eb6f29c6a60b3865.php
Targets

Target: CheatKeys__Application_66941d6bd945d.zip
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext