General
- Target: b0503722a1e86c58117871d01f210c6e987ed6c8589ee3f1db31fbafeb75716f
- Size: 390KB
- Sample: 240715-3y7vnsvhnj
- MD5: 29e2094ee956518b475b4f4f34fa9f2f
- SHA1: ef44d46dd6befdfb7de3e6ed92a90fe6b790abc7
- SHA256: b0503722a1e86c58117871d01f210c6e987ed6c8589ee3f1db31fbafeb75716f
- SHA512: 8d767decd1498424da4b090674161252322e24e044b98a3876cedc98b38c86c691850c495927575baa481b5bfd2de806b467012d5197c4be6bf1e412132d6f71
- SSDEEP: 6144:6xd7zBpL5aUyAUCjZBLnk8OEvK5dXXpd4QKmB34PBle8z85LaKU6eei8YEO:6RpUUyOHS9dBoNzKti8YEO
Static task: static1
Behavioral task: behavioral1
- Sample: b0503722a1e86c58117871d01f210c6e987ed6c8589ee3f1db31fbafeb75716f.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext