General
- Target: 414349c634eb06704ddd7bf5b04beb7ceddcd9ea2d715efc5a295f57476e13bb
- Size: 390KB
- Sample: 240716-akjlpsyfqb
- MD5: eb0c3acaf2d50749be6fbb595f0e00e9
- SHA1: ec192fc4e6eb4fce597814e41b2955c6a24f501e
- SHA256: 414349c634eb06704ddd7bf5b04beb7ceddcd9ea2d715efc5a295f57476e13bb
- SHA512: f1c8276330020344f2095b62bd5553f03d7770ea5e95d6f1bfb10c87bcbd34208a64999734eca9bc633c10079c941f285241fc3e795af3a471c564c2a658d5eb
- SSDEEP: 6144:1hdXzxpL5aUyAUCjZBLnk8OEvKtsjY3MrU9Cm13snik+oTwTumsceVeei8IEO:1dpUUyOH6osf4m13x08LUdi8IEO
Static task: static1
Behavioral task: behavioral1
- Sample: 414349c634eb06704ddd7bf5b04beb7ceddcd9ea2d715efc5a295f57476e13bb.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext