General
-
Target
a3db4b88cd5892c2b86cf6b0a1f64dbbbd02b06ecd5ead6679aec662ff0d16e0
-
Size
389KB
-
Sample
240715-fnqr3ssalh
-
MD5
b6df411ced924b1cfcabd54d3286ca8f
-
SHA1
ca13fb04c1d9693b99222a9ef448dc3eae767ccd
-
SHA256
a3db4b88cd5892c2b86cf6b0a1f64dbbbd02b06ecd5ead6679aec662ff0d16e0
-
SHA512
5103451b87a65584de4e6fb543d828392152a82a007dba5173e52c35f9c3b8118db63b36d79c0c9466b5532692aa23b6f05cea5c654f7b5ebc0676f9cf236429
-
SSDEEP
6144:QlYLVyMiFkeLnCUcx/IcoN6OpMW6TBFZP39quZ0m6AdKKuF9XChxbTJEZ2di87EO:QeiFHnC5GCBbxZyAoVF9Xyfti87EO
Static task
static1
Behavioral task
behavioral1
Sample
a3db4b88cd5892c2b86cf6b0a1f64dbbbd02b06ecd5ead6679aec662ff0d16e0.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
stealc
default
http://85.28.47.101
-
url_path
/f3ee98d7eec07fb9.php
Targets
-
-
Target
a3db4b88cd5892c2b86cf6b0a1f64dbbbd02b06ecd5ead6679aec662ff0d16e0
-
Size
389KB
-
MD5
b6df411ced924b1cfcabd54d3286ca8f
-
SHA1
ca13fb04c1d9693b99222a9ef448dc3eae767ccd
-
SHA256
a3db4b88cd5892c2b86cf6b0a1f64dbbbd02b06ecd5ead6679aec662ff0d16e0
-
SHA512
5103451b87a65584de4e6fb543d828392152a82a007dba5173e52c35f9c3b8118db63b36d79c0c9466b5532692aa23b6f05cea5c654f7b5ebc0676f9cf236429
-
SSDEEP
6144:QlYLVyMiFkeLnCUcx/IcoN6OpMW6TBFZP39quZ0m6AdKKuF9XChxbTJEZ2di87EO:QeiFHnC5GCBbxZyAoVF9Xyfti87EO
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-