General
Target: 71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2
Size: 389KB
Sample: 240715-kfbqeaxcqr
MD5: cd1929b1627d2b7ce7122c4520575b9e
SHA1: 4d28684f4e6e2abf4d6d2920b8f648a4cf5ca215
SHA256: 71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2
SHA512: c11c55bd8bfecf91de9d1940d932c533be11d62302556d07c09009422d7dffb0a4f4fc4eed2991aa7584e73cbd1f4b237b2d7f629f7ca64d6e1aef958a0d90f5
SSDEEP: 6144:6lQLJyEiFkeLnCUcx/IcoN6OWMW6Li+iy6do6PxrO9UQ5tgmr2aHjIwLugG2di8w:6aiFHnC59iiRlQ56mlzLdi8IEO
Static task: static1
Behavioral task: behavioral1
Sample: 71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
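The extracted config stores the C2 host and the gate path as separate fields, so the first thing an analyst does with it is join them into the full endpoint, defang it for sharing, and run it over egress logs. The block below is an added example, not part of the sandbox report or of any Stealc tooling: the HTTP log lines are constructed for the example, the log format (`timestamp src method url status`) is assumed, and the `/<16 hex chars>.php` gate-path pattern used to flag *candidate* hits to other hosts is this example's generalisation from the one path on the page, not a fact the report states.

```python
"""Network IOCs from the extracted Stealc config, applied to HTTP log lines.

Added example. Config values are taken from the report's Malware Config
section; the log lines and log format are constructed for this example.
"""
import re
from urllib.parse import urljoin, urlsplit

# From the report: host and gate path are stored separately.
CONFIG = {
    "family": "stealc",
    "botnet": "default",
    "c2": "http://85.28.47.101",
    "url_path": "/f3ee98d7eec07fb9.php",
}

# Assumption (editor's, not from the report): Stealc gate paths look like
# /<16 hex chars>.php. Only used to mark *candidate* hits on other hosts.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")

# Constructed log format: "<timestamp> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def c2_url(cfg):
    """Full C2 endpoint built from the separate host and url_path fields."""
    return urljoin(cfg["c2"].rstrip("/") + "/", cfg["url_path"].lstrip("/"))


def defang(url):
    """Make the URL non-clickable for tickets and IOC lists (hxxp, [.])."""
    p = urlsplit(url)
    safe_host = p.netloc.replace(".", "[.]")
    return url.replace(p.scheme + "://", "hxxp://", 1).replace(p.netloc, safe_host, 1)


def classify(line, cfg):
    """Return (verdict, src_ip, defanged_url) or None for a single log line.

    "confirmed": exact host + path from the extracted config.
    "candidate": POST to a different host whose path matches the gate pattern
                 (heuristic, needs analyst review).
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    _ts, src, method, url, _status = m.groups()
    parts = urlsplit(url)
    if parts.hostname == urlsplit(cfg["c2"]).hostname and parts.path == cfg["url_path"]:
        return ("confirmed", src, defang(url))
    if method == "POST" and GATE_PATH_RE.match(parts.path):
        return ("candidate", src, defang(url))
    return None


def scan(lines, cfg):
    """All confirmed/candidate hits in a batch of log lines, in order."""
    return [v for v in (classify(l, cfg) for l in lines) if v]


# Constructed sample log; 198.51.100.7 is a documentation address.
SAMPLE_LOG = [
    "2024-07-15T10:02:11Z 10.0.0.15 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200",
    "2024-07-15T10:03:01Z 10.0.0.22 GET http://example.com/index.php 200",
    "2024-07-15T10:05:33Z 10.0.0.31 POST http://198.51.100.7/0123456789abcdef.php 200",
    "2024-07-15T10:06:00Z 10.0.0.31 GET http://198.51.100.7/0123456789abcdef.php 200",
]

if __name__ == "__main__":
    print("C2:", defang(c2_url(CONFIG)))
    for verdict, src, url in scan(SAMPLE_LOG, CONFIG):
        print(f"{verdict:9} {src:12} {url}")
```

The exact host-and-path match is the only verdict worth blocking on automatically; the pattern-only hit is there to surface a second host worth pivoting on, since a gate path alone is a weak indicator.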
Targets
Target: 71c2fb6496c0233b39b1812fa67e7d2b9452045972ba901e5cd947483b51bee2
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (rewriting another thread's context is the usual final step of process hollowing or thread hijacking; review the process tree for a suspended child process)
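Each line in the list above is a behavioural signature the sandbox fired on the API-call trace of the sample. The block below is an added example of how such signatures are expressed as rules over a trace; it is not the sandbox's engine. The trace format (one dict per call with `pid`, `api` and `args`, including out-parameters such as the opened registry handle) and the rule bodies are this example's approximations, and both traces are constructed for the example rather than taken from the report.

```python
"""Behavioural signatures evaluated over a constructed API-call trace.

Added example, not the sandbox's engine. Trace format and rules are
approximations of what the report's signature names imply.
"""

UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit from the Win32 API


def sig_checks_installed_software(trace):
    """Opens the Uninstall key, then enumerates its subkeys via that handle."""
    uninstall_handles = set()
    for ev in trace:
        a = ev["args"]
        if ev["api"] == "RegOpenKeyExW" and a["subkey"].lower().endswith(UNINSTALL_KEY.lower()):
            uninstall_handles.add(a["out_hkey"])
        elif ev["api"] == "RegEnumKeyExW" and a["hkey"] in uninstall_handles:
            return True
    return False


def sig_downloads_pe(trace):
    """An HTTP response body that begins with the MZ header."""
    return any(ev["api"] == "InternetReadFile" and ev["args"]["data"][:2] == b"MZ"
               for ev in trace)


def sig_loads_dropped_dll(trace):
    """A .dll the sample wrote to disk is later loaded with LoadLibraryW."""
    dropped = set()
    for ev in trace:
        a = ev["args"]
        if ev["api"] == "CreateFileW" and "GENERIC_WRITE" in a["access"]:
            if a["path"].lower().endswith(".dll"):
                dropped.add(a["path"].lower())
        elif ev["api"] == "LoadLibraryW" and a["path"].lower() in dropped:
            return True
    return False


def sig_suspicious_setthreadcontext(trace):
    """CreateProcessW(CREATE_SUSPENDED) -> WriteProcessMemory ->
    SetThreadContext, all aimed at the same child: the hollowing sequence."""
    suspended, written = set(), set()
    for ev in trace:
        a = ev["args"]
        if ev["api"] == "CreateProcessW" and a["flags"] & CREATE_SUSPENDED:
            suspended.add(a["child_pid"])
        elif ev["api"] == "WriteProcessMemory" and a["target_pid"] in suspended:
            written.add(a["target_pid"])
        elif ev["api"] == "SetThreadContext" and a["target_pid"] in written:
            return True
    return False


SIGNATURES = {
    "Downloads MZ/PE file": sig_downloads_pe,
    "Loads dropped DLL": sig_loads_dropped_dll,
    "Checks installed software on the system": sig_checks_installed_software,
    "Suspicious use of SetThreadContext": sig_suspicious_setthreadcontext,
}


def evaluate(trace):
    """Names of the signatures that fire on a trace, in the order above."""
    return [name for name, rule in SIGNATURES.items() if rule(trace)]


def call(pid, api, **args):
    return {"pid": pid, "api": api, "args": args}


# Constructed trace of a process behaving as the report describes.
TMP_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"
MALICIOUS_TRACE = [
    call(1234, "RegOpenKeyExW", hkey="HKEY_LOCAL_MACHINE", subkey=UNINSTALL_KEY, out_hkey="0x2c4"),
    call(1234, "RegEnumKeyExW", hkey="0x2c4", index=0),
    call(1234, "InternetReadFile", handle="0x300", data=b"MZ\x90\x00" + b"\x00" * 60),
    call(1234, "CreateFileW", path=TMP_DLL, access="GENERIC_WRITE"),
    call(1234, "LoadLibraryW", path=TMP_DLL),
    call(1234, "CreateProcessW", image=r"C:\Windows\SysWOW64\host.exe", flags=CREATE_SUSPENDED, child_pid=5678),
    call(1234, "WriteProcessMemory", target_pid=5678, base="0x400000", size=0x60000),
    call(1234, "SetThreadContext", target_pid=5678, thread="0x2e8"),
    call(1234, "ResumeThread", target_pid=5678, thread="0x2e8"),
]

# Constructed benign trace: reads one product's Uninstall entry without
# enumerating, and calls SetThreadContext on a process it did not create
# suspended (what a debugger does). No rule should fire.
BENIGN_TRACE = [
    call(4321, "RegOpenKeyExW", hkey="HKEY_LOCAL_MACHINE", subkey=UNINSTALL_KEY + r"\SomeApp", out_hkey="0x1a0"),
    call(4321, "SetThreadContext", target_pid=9999, thread="0x1b0"),
]

if __name__ == "__main__":
    print("malicious:", evaluate(MALICIOUS_TRACE))
    print("benign:", evaluate(BENIGN_TRACE))
```

Note that none of these rules is proof on its own: installers enumerate the Uninstall key, debuggers call SetThreadContext, and updaters download PE files. The report's verdict comes from the combination of signatures plus the extracted C2 config, and a detection built from them should weight them the same way.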