General
-
Target
c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f
-
Size
390KB
-
Sample
240716-csk6lstbpg
-
MD5
e7842e41332a8173b2d4f3c310b08f74
-
SHA1
e93aca4ef1482bc2f2f644cbdef2269f04747d8e
-
SHA256
c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f
-
SHA512
86d1878d82100596fc2148acb260de4539840469662aaaf2a9b3c9e5ef8cda7d4a4d49cba87087a29bc813afdb99c6ce16e55bd21aaa5535039cd8861ee48dd7
-
SSDEEP
6144:JBdEzRpL5aUyAUCjZBLnk8OnvKxhB8gLI1KmbujFxIP+eWY6NMAooJLmsFMqkeej:JypUUyOHkg8dbujFuPPlA8tzi8zEO
Static task
static1
Behavioral task
behavioral1
Sample
c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
stealc
default
http://85.28.47.101
-
url_path
/f3ee98d7eec07fb9.php
Targets
-
-
Target
c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f
-
Size
390KB
-
MD5
e7842e41332a8173b2d4f3c310b08f74
-
SHA1
e93aca4ef1482bc2f2f644cbdef2269f04747d8e
-
SHA256
c91a84e1bcf5f60aa6179fda362795e04d66e1aedd601f6b4a8726ca18b2fe1f
-
SHA512
86d1878d82100596fc2148acb260de4539840469662aaaf2a9b3c9e5ef8cda7d4a4d49cba87087a29bc813afdb99c6ce16e55bd21aaa5535039cd8861ee48dd7
-
SSDEEP
6144:JBdEzRpL5aUyAUCjZBLnk8OnvKxhB8gLI1KmbujFxIP+eWY6NMAooJLmsFMqkeej:JypUUyOHkg8dbujFuPPlA8tzi8zEO
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-