General

Target: 7fada6ed230b378be0ac6cc723eb6ffbf217d24dd3e42ba13920ac05f08ccde7
Size: 389KB
Sample: 240715-g56ejavfnd
MD5: 8ff04470202f9ab318af671f072e76af
SHA1: bb3e9da7fe9664f4808353bd3c4879639df83731
SHA256: 7fada6ed230b378be0ac6cc723eb6ffbf217d24dd3e42ba13920ac05f08ccde7
SHA512: d35a02567ebf05b8707d3ed78208430a0bf740eff318bbea852bf9c4a7273bc2fb8a5226001ade3a078a9d4d23c1bbd0bd2dd716da9dba9a2158f2876e3e2240
SSDEEP: 6144:TF2qGcEtSqH6rC8sRA8WBZY/OEMW6Ywu9SkGq41T34t56fDXqYLTrIm2di8cEO:T4tS7rCxMM1wYGqQbQ526YTSi8cEO

Static task: static1

Behavioral task: behavioral1
Sample: 7fada6ed230b378be0ac6cc723eb6ffbf217d24dd3e42ba13920ac05f08ccde7.exe
Resource: win10v2004-20240709-en

Malware Config

Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php

Targets

Target: 7fada6ed230b378be0ac6cc723eb6ffbf217d24dd3e42ba13920ac05f08ccde7
Size: 389KB
MD5: 8ff04470202f9ab318af671f072e76af
SHA1: bb3e9da7fe9664f4808353bd3c4879639df83731
SHA256: 7fada6ed230b378be0ac6cc723eb6ffbf217d24dd3e42ba13920ac05f08ccde7
SHA512: d35a02567ebf05b8707d3ed78208430a0bf740eff318bbea852bf9c4a7273bc2fb8a5226001ade3a078a9d4d23c1bbd0bd2dd716da9dba9a2158f2876e3e2240
SSDEEP: 6144:TF2qGcEtSqH6rC8sRA8WBZY/OEMW6Ywu9SkGq41T34t56fDXqYLTrIm2di8cEO:T4tS7rCxMM1wYGqQbQ526YTSi8cEO

Signatures
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext