General
- Target: 803744110d22f6501c1cd9313ee0e591545e3ad3e3f0af19713148cd59f6a66e
- Size: 389KB
- Sample: 240715-ljr28szckl
- MD5: 64a2b2087fbf62ef1d663757882f1af3
- SHA1: cf5babe94f5ba14fe2c392c21729f3c179babb56
- SHA256: 803744110d22f6501c1cd9313ee0e591545e3ad3e3f0af19713148cd59f6a66e
- SHA512: 99834dce9ad48609f77d0403f4c71b89e48c84f91a6e87bbec2cb51253acffb23a6d008d859481fa7eba6bebc1b5768d24012390df4720b7975092c2ba7c0195
- SSDEEP: 6144:FF2q4cEtSqH6rC8sRA8WBZY/OEMW6BpvW/fOjkjr0SgTyJuTyC48swnoU2di8cEO:FytS7rCxMMUKj2x489nIi8cEO
Static task
- static1
Behavioral task
- behavioral1
- Sample: 803744110d22f6501c1cd9313ee0e591545e3ad3e3f0af19713148cd59f6a66e.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: 803744110d22f6501c1cd9313ee0e591545e3ad3e3f0af19713148cd59f6a66e
- Size: 389KB
- MD5: 64a2b2087fbf62ef1d663757882f1af3
- SHA1: cf5babe94f5ba14fe2c392c21729f3c179babb56
- SHA256: 803744110d22f6501c1cd9313ee0e591545e3ad3e3f0af19713148cd59f6a66e
- SHA512: 99834dce9ad48609f77d0403f4c71b89e48c84f91a6e87bbec2cb51253acffb23a6d008d859481fa7eba6bebc1b5768d24012390df4720b7975092c2ba7c0195
- SSDEEP: 6144:FF2q4cEtSqH6rC8sRA8WBZY/OEMW6BpvW/fOjkjr0SgTyJuTyC48swnoU2di8cEO:FytS7rCxMMUKj2x489nIi8cEO
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext