General
- Target: VmAxisSetup.exe
- Size: 5.0MB
- Sample: 240715-eh9sbszcla
- MD5: 7e46a12fd69f979a040d1f09cb1ce21f
- SHA1: 2448928679d90cbcfd090c0010d7e977bb96804a
- SHA256: 07e659bded3498b1a977eddff446b43651def5c833968aac55873034f1e67eb4
- SHA512: e0c26a7aa54e67b9cf6b8c4a4c761f6db2135cf78e9eb63b3dd26685ea978c6d609fd1f98ab913c91ea1933da0e97b534771bcbcda6fcb4dfa0ba0b202a3a8f1
- SSDEEP: 98304:/ueYS56shG80pwjfTmWPcYfOPs2JFZEj0BS+Jni:G7y6u90CTmccY2Ps2Hmjngni
Static task: static1
Behavioral task: behavioral1
- Sample: VmAxisSetup.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: stealc
- Botnet: default
- C2: http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: VmAxisSetup.exe
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Downloads MZ/PE file
- Suspicious use of SetThreadContext