General
- Target: 1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091
- Size: 390KB
- Sample: 240716-bny18s1dke
- MD5: 170065482253ea35e6d1a76698704770
- SHA1: 64a38cf98d54a1fba0ddda251cfb3ac7c89de125
- SHA256: 1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091
- SHA512: ac6bd4bb27254ba9239651e89b7d941bb65c6618cf084613dc60f1846b54479f1640559dc397a1f94b0f60906ac86a402df11faf767ee630f87c56be72027cd7
- SSDEEP: 6144:4xd7zBpL5aUyAUCjZBLnk8OEvKBwaKsfNNbiONij4Fi08m7hMgM7teei8YEO:4RpUUyOHYwA3iOok0Lg01i8YEO
Static task: static1
Behavioral task: behavioral1
- Sample: 1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Family: stealc
- default
- C2: http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: 1b2d987396c33985fb4b79a60d2ac208e1342bdcfc504f79cf0f6fc8ebaa6091
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext