General

Target: dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1
Size: 390KB
Sample: 240716-dzdksasgpj
MD5: 436afa517a56f5a8c6e1c883a107d9db
SHA1: ad3d280a0413a501d4ed0e2ae32617b3517cb7ca
SHA256: dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1
SHA512: ff1553e4eb00d2f563544608ecc8a22331f08147510f69f6a0ba068664c6421b6b8d46b4ecf0548446bfeff6759cd3ac8315d22b18d142cd955fde1a24960bad
SSDEEP: 6144:mBdKzRpL5aUyAUCjZBLnk8OnvKumlT+4+Exc5nawz4jWEf+5sdKuB6GB2skeei8p:mIpUUyOH26xqzGW0+5sd1MHi8zEO
Static task: static1
Behavioral task: behavioral1
Sample: dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted: stealc
default
http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets

Target: dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1
Size: 390KB
MD5: 436afa517a56f5a8c6e1c883a107d9db
SHA1: ad3d280a0413a501d4ed0e2ae32617b3517cb7ca
SHA256: dfe6722a9fe95ea5b02523655bfdd442a5e92260e7aec3a84a3f1a7ca5f984a1
SHA512: ff1553e4eb00d2f563544608ecc8a22331f08147510f69f6a0ba068664c6421b6b8d46b4ecf0548446bfeff6759cd3ac8315d22b18d142cd955fde1a24960bad
SSDEEP: 6144:mBdKzRpL5aUyAUCjZBLnk8OnvKumlT+4+Exc5nawz4jWEf+5sdKuB6GB2skeei8p:mIpUUyOH26xqzGW0+5sd1MHi8zEO

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext