General
- Target: fc8d5e27271e4bea6aec9dc78ea40ddc17c0caa54992fcc007982fc104748c60
- Size: 389KB
- Sample: 240715-gspk9avarg
- MD5: 5afe904473d627cf5782aa9ead2da328
- SHA1: 3bac2d26abb01a503abcb13e029ceeddbe35c2d2
- SHA256: fc8d5e27271e4bea6aec9dc78ea40ddc17c0caa54992fcc007982fc104748c60
- SHA512: 8fe3c7b977689db8aa902eb5cc71976ff571d4ea043612bc026bfac0e2ace49c16b4af453c9aa1d7791631807d80551f4924b97198621e28b1aef9a7524133d1
- SSDEEP: 6144:YlYLDyMiFkeLnCUcx/IcoN6OpMW68B6PFyKAw4HJowkNcQ1/xBXgaO7R2di87EO:Y8iFHnC5Gv6PFyU6JkS0peaO7gi87EO
Static task: static1
Behavioral task: behavioral1
- Sample: fc8d5e27271e4bea6aec9dc78ea40ddc17c0caa54992fcc007982fc104748c60.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: fc8d5e27271e4bea6aec9dc78ea40ddc17c0caa54992fcc007982fc104748c60 (389KB; hashes as listed under General)
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext