General
- Target: 2827577ee3a5ee62c8e52745117151b2213240be3e24b9a57fd975c99627c784
- Size: 389KB
- Sample: 240715-gd8qkstdna
- MD5: 9a50383e3575631eec9938dfc3a05195
- SHA1: f4e4e635772db609dcff562e4601a8c0fc6d36b2
- SHA256: 2827577ee3a5ee62c8e52745117151b2213240be3e24b9a57fd975c99627c784
- SHA512: 3f01a32ca360a52b8f32295a5278a917e6ad857758faa76ecbce9f854af8137a75aac1edcfe1da79aaba7f018afe3fdf8a6ecf118fdd40e1f24d89953aa752a1
- SSDEEP: 6144:algLDy0iFkeLnCUcx/IcoN6O2MW6YzEbN1nzKwZH7j4GMDZ8vsQGV597PH2di84t:aUiFHnC5dBQTuwZXKFNDSi84EO
Static task: static1
Behavioral task: behavioral1
- Sample: 2827577ee3a5ee62c8e52745117151b2213240be3e24b9a57fd975c99627c784.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted: stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: 2827577ee3a5ee62c8e52745117151b2213240be3e24b9a57fd975c99627c784
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext