General
-
Target
13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a
-
Size
389KB
-
Sample
240715-hhlx2sshpq
-
MD5
4d60a0613289f2f1934830577402fb69
-
SHA1
ecd2974f252cf916eff58be3aa430669091c9d5d
-
SHA256
13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a
-
SHA512
d96be10292a13ccb81c6157edc8f514a7b2c522eb1277c217e9795bac4f75e0809fb345932be72afd2b13736d70a163aaffd37ab21bd1e190626f5d7978615dd
-
SSDEEP
6144:rlgLgy0iFkeLnCUcx/IcoN6O2MW6GriQGrhEFBaslycUAgYugrQNjhQA5v2di84t:rViFHnC5dLriQGldcU2Qe/i84EO
Static task
static1
Behavioral task
behavioral1
Sample
13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
stealc
default
http://85.28.47.101
-
url_path
/f3ee98d7eec07fb9.php
Targets
-
-
Target
13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a
-
Size
389KB
-
MD5
4d60a0613289f2f1934830577402fb69
-
SHA1
ecd2974f252cf916eff58be3aa430669091c9d5d
-
SHA256
13e2b54831ed5727a9a05e24d5acf949f6a0740dcc284991415785ab0b6c470a
-
SHA512
d96be10292a13ccb81c6157edc8f514a7b2c522eb1277c217e9795bac4f75e0809fb345932be72afd2b13736d70a163aaffd37ab21bd1e190626f5d7978615dd
-
SSDEEP
6144:rlgLgy0iFkeLnCUcx/IcoN6O2MW6GriQGrhEFBaslycUAgYugrQNjhQA5v2di84t:rViFHnC5dLriQGldcU2Qe/i84EO
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-