General
Target: 21734f2d86603c5d9d480a60cfa58ba3fe45d527339b69c9d9d87ea5d0cf780e
Size: 390KB
Sample: 240716-dh27tavdja
MD5: a0c32dd823c9ce012aab3baf55db872e
SHA1: 670f42deea0fd11067ddef5fe088e133ebdb34ce
SHA256: 21734f2d86603c5d9d480a60cfa58ba3fe45d527339b69c9d9d87ea5d0cf780e
SHA512: 26f1d64eff338b82bffc271082fb9e520168ae60b4cc135b7f53dbfa6a20063492558ed23652656c6345a0aea6c97f907e19021aa45571817b363f99abaac924
SSDEEP: 6144:DpdESzppL5aUyAUCjZBLnk8OXvKTxD0fqVNqQ2pklnW6u6cUtXoeei8LEO:DvpUUyOHh50qfckloxi8LEO
Static task: static1
Behavioral task: behavioral1
Sample: 21734f2d86603c5d9d480a60cfa58ba3fe45d527339b69c9d9d87ea5d0cf780e.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
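The extracted configuration lists the C2 host and the gate path separately; the URL the sample reports to is the host joined with url_path. The Python below is an added example, not part of the report or of the sandbox, that gathers the report's indicators and shows two checks a responder would run from them: digesting a suspect file once for all four hashes listed above, and scanning web-proxy logs for the C2 host and gate path. The proxy log lines and the bytes hashed in the demo are constructed for illustration and are not real traffic or the sample itself.

```python
"""IOC handling for the Stealc sample described in the report.

Added example: not part of the sandbox report. The digests and the C2
host/path are copied from the report; the proxy log lines and the file
bytes used in the demo are constructed here.
"""
import hashlib
import io
from typing import BinaryIO, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the General and Malware Config sections.
IOC: Dict[str, str] = {
    "md5": "a0c32dd823c9ce012aab3baf55db872e",
    "sha1": "670f42deea0fd11067ddef5fe088e133ebdb34ce",
    "sha256": "21734f2d86603c5d9d480a60cfa58ba3fe45d527339b69c9d9d87ea5d0cf780e",
    "sha512": "26f1d64eff338b82bffc271082fb9e520168ae60b4cc135b7f53dbfa6a20063492558ed23652656c6345a0aea6c97f907e19021aa45571817b363f99abaac924",
    "c2": "http://85.28.47.101",
    "url_path": "/f3ee98d7eec07fb9.php",
}
HASH_NAMES = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fileobj: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests in one pass so a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper around digest_stream for in-memory data."""
    return digest_stream(io.BytesIO(data))


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Names of the digests that equal the report's values (case-insensitive)."""
    return [n for n in HASH_NAMES if digests.get(n, "").lower() == IOC[n]]


def classify_url(url: str) -> Optional[str]:
    """'c2-gate' for host plus gate path, 'c2-host' for the host alone, None otherwise.

    The port is deliberately ignored: some proxies log the default port explicitly.
    """
    parts = urlsplit(url)
    c2_host = urlsplit(IOC["c2"]).hostname
    if parts.hostname != c2_host:
        return None
    return "c2-gate" if parts.path == IOC["url_path"] else "c2-host"


# Constructed proxy log in the shape "timestamp client method url status" (not real traffic).
SAMPLE_PROXY_LOG = """\
2024-07-16T10:01:02Z 10.0.0.15 GET http://85.28.47.101/f3ee98d7eec07fb9.php 200
2024-07-16T10:01:05Z 10.0.0.15 POST http://85.28.47.101:80/f3ee98d7eec07fb9.php 200
2024-07-16T10:02:11Z 10.0.0.22 GET http://example.com/f3ee98d7eec07fb9.php 200
2024-07-16T10:03:44Z 10.0.0.15 GET http://85.28.47.101/other.php 404
"""


def scan_proxy_log(text: str) -> List[Tuple[str, str, str, str]]:
    """(client, method, url, verdict) for every log line that touches the C2 host."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        _ts, client, method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict is not None:
            hits.append((client, method, url, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
    # Bytes that are not the sample match none of the report's digests.
    print(match_hashes(digest_bytes(b"constructed test bytes, not the sample")))
```

A host-only hit (`c2-host`) is worth keeping as a lower-severity finding: the same infrastructure can serve other paths, and a path match alone on a different host is not evidence, which is why `classify_url` anchors on the host first.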
Targets
Target: 21734f2d86603c5d9d480a60cfa58ba3fe45d527339b69c9d9d87ea5d0cf780e
Size: 390KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.)
Signatures
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
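Two of the signatures above are behavioural and can be expressed as rules over an API trace. The Python below is an added example and not the sandbox's own signature code: it flags a process that opens the Uninstall key and then walks several of its entries (the installed-software check), and a process whose calls follow the create-suspended, WriteProcessMemory, SetThreadContext, ResumeThread order that process hollowing uses (the report's signature fires on SetThreadContext alone; the ordered sequence is a stricter assumption added here). The trace format (pid, API name, argument string), the process ids and the product names are constructed for illustration.

```python
"""Sandbox-style behavioural signatures for two of the report's findings.

Added example, not the sandbox's own code. The trace shape (pid, api, arg),
the pids and the product names are constructed; the registry path and the
hollowing call order are the well-known ones.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Sequence, Tuple

Call = Tuple[int, str, str]

# Both hives and the 32-bit redirected key; group(1) is the first subkey, if any.
UNINSTALL_KEY_RE = re.compile(
    r"^HK(?:LM|EY_LOCAL_MACHINE|CU|EY_CURRENT_USER)\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(?=\\|$)(?:\\([^\\]+))?",
    re.IGNORECASE,
)


def uninstall_subkey(path: str) -> Optional[str]:
    """'' for the Uninstall key itself, the entry name for a subkey, None if unrelated."""
    m = UNINSTALL_KEY_RE.match(path)
    if m is None:
        return None
    return m.group(1) or ""


def find_software_enumeration(trace: Sequence[Call], min_entries: int = 3) -> Dict[int, List[str]]:
    """pids that opened the Uninstall key and touched >= min_entries distinct entries.

    A single-entry read is ignored on purpose: installers and updaters read
    their own entry, while an inventory pass walks many of them.
    """
    opened = set()
    entries: Dict[int, set] = defaultdict(set)
    for pid, api, arg in trace:
        if not api.startswith("Reg"):
            continue
        sub = uninstall_subkey(arg)
        if sub is None:
            continue
        if sub == "":
            opened.add(pid)
        else:
            entries[pid].add(sub)
    return {
        pid: sorted(names)
        for pid, names in entries.items()
        if pid in opened and len(names) >= min_entries
    }


HOLLOWING_ORDER = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def find_suspended_thread_hijack(trace: Sequence[Call]) -> List[int]:
    """pids whose calls contain, in order, a suspended process creation,
    WriteProcessMemory, SetThreadContext and ResumeThread (process hollowing)."""
    per_pid: Dict[int, List[str]] = defaultdict(list)
    for pid, api, arg in trace:
        if api == "CreateProcessW" and "CREATE_SUSPENDED" not in arg:
            continue  # a normal process start does not begin the pattern
        if api in HOLLOWING_ORDER:
            per_pid[pid].append(api)
    flagged = []
    for pid, calls in per_pid.items():
        want = 0
        for api in calls:
            if api == HOLLOWING_ORDER[want]:
                want += 1
                if want == len(HOLLOWING_ORDER):
                    flagged.append(pid)
                    break
    return sorted(flagged)


# Constructed trace: pid 1234 inventories software then hollows a process;
# pid 5678 is an updater reading only its own entry and starting a helper normally.
UNINSTALL = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_TRACE: List[Call] = [
    (1234, "RegOpenKeyExW", UNINSTALL),
    (1234, "RegEnumKeyExW", UNINSTALL + r"\ProductA"),
    (1234, "RegQueryValueExW", UNINSTALL + r"\ProductA\DisplayName"),
    (1234, "RegEnumKeyExW", UNINSTALL + r"\ProductB"),
    (1234, "RegQueryValueExW", UNINSTALL + r"\ProductB\DisplayName"),
    (1234, "RegEnumKeyExW", UNINSTALL + r"\ProductC"),
    (1234, "RegQueryValueExW", UNINSTALL + r"\ProductC\DisplayName"),
    (1234, "CreateProcessW", r"C:\Windows\explorer.exe flags=CREATE_SUSPENDED"),
    (1234, "WriteProcessMemory", "target_pid=4321"),
    (1234, "SetThreadContext", "target_pid=4321"),
    (1234, "ResumeThread", "target_pid=4321"),
    (5678, "RegOpenKeyExW", UNINSTALL),
    (5678, "RegQueryValueExW", UNINSTALL + r"\ProductA\DisplayVersion"),
    (5678, "CreateProcessW", r"C:\Program Files\ProductA\helper.exe flags=0"),
    (5678, "ResumeThread", "target_pid=8765"),
]

if __name__ == "__main__":
    print("software enumeration:", find_software_enumeration(SAMPLE_TRACE))
    print("suspended-thread hijack:", find_suspended_thread_hijack(SAMPLE_TRACE))
```

The `min_entries` threshold is the tuning knob: a stealer building an inventory reads every entry, whereas legitimate software usually reads one, so the count separates the two better than the key path alone.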