General
Target: 509f6756af7a1e5a1f8f5da1e6204c4310adae76863206c6e66b0b24ed584456
Size: 389KB
Sample: 240715-jl6x3aydlf
MD5: 46046c8c6595b8eb671393ec089bcdce
SHA1: 15b23f722c029bcd74f4162e21e03e8388cdee8a
SHA256: 509f6756af7a1e5a1f8f5da1e6204c4310adae76863206c6e66b0b24ed584456
SHA512: 509e5b975020aa0f466ccf6dedf75572cb3aac5fe10c87dddc56e5d4eb7b2a9570a84b00eeac0eb778cfb7ab7b758d6d19a6ddc3b7cce93fe1966c4beddb8ae5
SSDEEP: 6144:tlwLkykiFkeLnCUcx/IcoN6OpMW6dslwOEVdb5qQP/yBxLifTwWkuhng2di8DEO:tRiFHnC5mdwNJqQXWLi/kkXi8DEO
Static task: static1
Behavioral task: behavioral1
Sample: 509f6756af7a1e5a1f8f5da1e6204c4310adae76863206c6e66b0b24ed584456.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: stealc
default: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets
Target: 509f6756af7a1e5a1f8f5da1e6204c4310adae76863206c6e66b0b24ed584456
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext