General
Target: 2dc0e2c813a603578bb9b654c2a86660N.exe
Size: 389KB
Sample: 240715-3m5k6sxerb
MD5: 2dc0e2c813a603578bb9b654c2a86660
SHA1: 77dd401a9926de63ec59e33453104aa071d37d40
SHA256: 4d3892cf0232fef29678c80de7514c15a2935851744d3ba0b32397792e994c6a
SHA512: e710f506a28ee8aaa850ca5b1ef4f0fd9f80fba702c1d71a327a3ed520ec118bfad0e2558539d2d2240978bd33708864bf7e5c356b125fbf35af8ddf698e3066
SSDEEP: 6144:+ayNK0bGLGTXZY9WHyI9nXSLWT+WT6pcU4vryPpJlBHPCyGZL:70bGLQaciL2H3Uo2PfPRGZ
Static task: static1
Behavioral task: behavioral1
Sample: 2dc0e2c813a603578bb9b654c2a86660N.exe
Resource: win7-20240705-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.60
url_path: /2605aa1b8b5b2f67.php
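The two indicators a responder will actually act on from this report are the sample hashes and the extracted Stealc C2 (host plus gate path). The following is an added example, not part of the sandbox report, that turns them into an offline triage check: it hashes a file body and compares all three reported digests, and it scans proxy-style access log lines for traffic to the C2, distinguishing a hit on the exact gate path from a hit on the host alone. The hash values and C2 URL are copied from the report; the log format, the log lines and the placeholder file body are constructed for this example.

```python
"""
Added example (not part of the sandbox report): turning the report's
indicators into a small offline triage check.

  1. Does a file on disk match the reported sample hashes?
  2. Do proxy/web logs show traffic to the extracted Stealc C2?

Hashes and C2 URL below are copied from the report. The log format and
log lines are constructed for this example, not taken from the sandbox run.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report's General / Malware Config sections.
SAMPLE_HASHES = {
    "md5": "2dc0e2c813a603578bb9b654c2a86660",
    "sha1": "77dd401a9926de63ec59e33453104aa071d37d40",
    "sha256": "4d3892cf0232fef29678c80de7514c15a2935851744d3ba0b32397792e994c6a",
}
C2_HOST = "85.28.47.60"
C2_PATH = "/2605aa1b8b5b2f67.php"


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, hex-encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(digests: dict) -> bool:
    """True only if every reported hash agrees with the computed digests.

    Requiring all three to agree guards against a typo in any single field
    of a report; a genuine match of the sample will satisfy all of them.
    """
    return all(digests.get(k) == v for k, v in SAMPLE_HASHES.items())


# Constructed log format for this example: "<ts> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def c2_hits(log_lines):
    """Return (client, url, severity) for every request that reached the C2 host.

    A request to the exact gate path is tagged "c2_gate"; any other request
    to the same host is tagged "c2_host", since a panel may expose more than
    the one gate script the config names and a host-only hit still needs a look.
    Lines that do not parse are skipped rather than raising.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if parts.hostname == C2_HOST:
            severity = "c2_gate" if parts.path == C2_PATH else "c2_host"
            hits.append((m.group("client"), m.group("url"), severity))
    return hits


# Constructed log lines for this example (not from the sandbox run).
SAMPLE_LOG = [
    "2024-07-15T20:41:03Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-07-15T20:41:07Z 10.0.0.15 POST http://85.28.47.60/2605aa1b8b5b2f67.php 200",
    "2024-07-15T20:41:09Z 10.0.0.15 GET http://85.28.47.60/other.php 404",
    "2024-07-15T20:41:11Z 10.0.0.22 GET http://85.28.47.61/2605aa1b8b5b2f67.php 200",
    "garbage line that does not parse",
]


if __name__ == "__main__":
    # Placeholder file body; it is not the sample and will not match.
    digests = hash_bytes(b"MZ placeholder, not the sample")
    print("hash match:", matches_sample(digests))
    for client, url, severity in c2_hits(SAMPLE_LOG):
        print(f"{severity}: {client} -> {url}")
```

Note that the near-miss line for 85.28.47.61 is deliberately not flagged: matching on the parsed hostname rather than a substring of the raw URL keeps neighbouring addresses and lookalike paths from producing false positives.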
Targets
Target: 2dc0e2c813a603578bb9b654c2a86660N.exe
Size: 389KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above.)
Signatures
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  This signature records the API call itself; the report does not state what the redirected thread was used for.