General
Target: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570
Size: 389KB
Sample: 240715-f16daszdkn
MD5: 3b3fd31b498c2be87f7174a99e011612
SHA1: 33d57cebd248b097d46ea0c8686fa1313270043c
SHA256: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570
SHA512: c4e958cddc12920d01ccad5211dd177e2bac981b5da677da7e7cf1416f7f774d49d80a43c6b6821b4942c60b97d8d0fd1fc0705d90e5201f726de00040935e96
SSDEEP: 6144:ElQLlyEiFkeLnCUcx/IcoN6OWMW606J+cGCiPOGLVUpoT/sQWWwA2di8IEO:EOiFHnC591Yqz2YkoTkZi8IEO
Static task: static1
Behavioral task: behavioral1
Sample: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570.exe
Resource: win10v2004-20240709-en

Malware Config
Extracted: stealc (default)
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets
Target: 626a3862a56326f0ab4ecab5195638ebac6915bab80ce5a88930d03023cd8570
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext