General

Target: 35842f1846cfeb2053a60d05b3b13b03aebaf9744a18b4e1b7cfd05e9990d4e0
Size: 390KB
Sample: 240716-e2417avcqn
MD5: e3cc2c8642f8b62e90bb83e1dc9fb415
SHA1: c4c4174431f4c236db19cd2f1de34a40189050b9
SHA256: 35842f1846cfeb2053a60d05b3b13b03aebaf9744a18b4e1b7cfd05e9990d4e0
SHA512: ff35e7069617aace2eff158a45186e6dc38adc4f79120acac6adf3aa1b1eaf7881a8f508c7cbb940ef8b20c15ef9a4f7828266771ae4427b809386ea4d5f61fc
SSDEEP: 12288:zUpUUyOH0DBoFpVbZdewekwioORJi8IEO:gJy60DuFpVlQwe2oUJRIt
Static task: static1

Behavioral task: behavioral1
Sample: 35842f1846cfeb2053a60d05b3b13b03aebaf9744a18b4e1b7cfd05e9990d4e0.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
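The extracted configuration gives two network indicators: the C2 host 85.28.47.101 and the gate path /f3ee98d7eec07fb9.php. The following is an added example, not part of the report and not the sample's own code, that turns those two values into a matcher over HTTP proxy log lines. The log format and the sample lines are constructed for illustration; a request to the gate path is treated as a stronger indicator than a request to the bare host, since the IP may be reused by unrelated traffic.

```python
import re
from typing import Dict, List, Optional

# Network indicators from the Stealc config extracted in the report.
C2_HOST = "85.28.47.101"
C2_PATH = "/f3ee98d7eec07fb9.php"

# Constructed proxy log format (an assumption for this example, not a real
# product's schema):  <timestamp> <client_ip> <method> <url> <status> <bytes>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)
# Split a URL into host and path; port, query and fragment are ignored so a
# gate reached on a non-default port still matches.
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")

# Constructed sample lines: one benign request, three beacons to the gate
# (the third on a non-default port) and one probe of the host's root.
SAMPLE_LOG = """\
2024-07-16T10:01:02Z 10.0.0.15 GET http://example.com/ 200 5120
2024-07-16T10:01:05Z 10.0.0.15 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200 1430
2024-07-16T10:01:06Z 10.0.0.15 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200 87220
2024-07-16T10:02:11Z 10.0.0.22 GET http://85.28.47.101/ 404 312
2024-07-16T10:03:00Z 10.0.0.31 GET http://85.28.47.101:8080/f3ee98d7eec07fb9.php 200 12
"""


def classify_url(url: str) -> Optional[str]:
    """Return 'c2_gate' for a host+path match, 'c2_host' for host only, else None."""
    m = URL_RE.match(url)
    if not m or m.group("host") != C2_HOST:
        return None
    path = m.group("path") or "/"
    return "c2_gate" if path == C2_PATH else "c2_host"


def find_c2_hits(log_text: str) -> List[Dict[str, str]]:
    """Parse proxy log lines and return every request touching the C2 indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count and surface these
        verdict = classify_url(m.group("url"))
        if verdict:
            rec = m.groupdict()
            rec["match"] = verdict
            hits.append(rec)
    return hits


def infected_clients(log_text: str) -> List[str]:
    """Clients that reached the gate path itself, the strongest of the two indicators."""
    return sorted({h["client"] for h in find_c2_hits(log_text) if h["match"] == "c2_gate"})


if __name__ == "__main__":
    for h in find_c2_hits(SAMPLE_LOG):
        print(f'{h["match"]:8} {h["client"]:10} {h["method"]:4} {h["url"]}')
    print("clients talking to the gate:", infected_clients(SAMPLE_LOG))
```

The host-only matches are worth keeping as a lower-severity tier: they catch scanners and curious analysts as well as the stealer, so they should raise a hunt rather than an incident. For file-based checks the MD5, SHA1 and SHA256 values in the General section serve the same purpose on endpoints.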
Targets

Target: 35842f1846cfeb2053a60d05b3b13b03aebaf9744a18b4e1b7cfd05e9990d4e0
Signatures:
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (an API used by process-hollowing and thread-hijacking injection; the behavioral trace is worth checking for a suspended child process whose memory was rewritten before the context was set)
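The "Checks installed software" signature fires on registry activity against the Uninstall key. The block below is an added example, not Triage's rule and not the sample's code, showing the shape of that detection over a constructed API-call trace: a process is flagged when it opens HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and then enumerates at least a threshold number of distinct subkeys under it. The trace format, the threshold and the inclusion of the WOW6432Node view are assumptions; counting distinct subkeys rather than any single lookup keeps installers and updaters, which typically check one product entry, out of the results.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# The key the signature refers to. Both the native and the WOW64-redirected
# view are listed (assumption: the report does not say which one was read).
UNINSTALL_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
OPEN_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegOpenKeyW", "RegCreateKeyExW"}
ENUM_APIS = {"RegEnumKeyExW", "RegEnumKeyExA", "RegEnumKeyW"}
MIN_SUBKEYS = 5  # assumed threshold; one or two lookups are normal for installers

# Constructed trace format (assumption, not Triage's API log):
#   <pid> <api> <resolved key path>
TRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<path>.+)$")

# Constructed sample: pid 4120 walks the whole key, pid 1888 checks one product.
SAMPLE_TRACE = r"""
4120 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
4120 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
4120 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
1888 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1888 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\UninstallString
"""


def _split_uninstall(path: str) -> Optional[Tuple[bool, Optional[str]]]:
    """Return (is_root, first_subkey) when path lies under an Uninstall key, else None."""
    low = path.lower()
    for key in UNINSTALL_KEYS:
        k = key.lower()
        if low == k:
            return True, None
        if low.startswith(k + "\\"):
            return False, path[len(k) + 1:].split("\\")[0]
    return None


def flag_software_enumeration(trace_text: str) -> Dict[int, List[str]]:
    """Map pid -> sorted subkey names for processes that opened the Uninstall
    root and enumerated at least MIN_SUBKEYS distinct entries beneath it."""
    opened_root = set()
    subkeys = defaultdict(set)
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line.rstrip())
        if not m:
            continue
        pid, api, path = int(m.group("pid")), m.group("api"), m.group("path")
        hit = _split_uninstall(path)
        if hit is None:
            continue
        is_root, subkey = hit
        if is_root and api in OPEN_APIS:
            opened_root.add(pid)
        elif subkey and api in ENUM_APIS:
            subkeys[pid].add(subkey)
    return {pid: sorted(keys) for pid, keys in subkeys.items()
            if pid in opened_root and len(keys) >= MIN_SUBKEYS}


if __name__ == "__main__":
    for pid, keys in flag_software_enumeration(SAMPLE_TRACE).items():
        print(f"pid {pid} enumerated {len(keys)} installed products: {', '.join(keys)}")
```

On a live host the same behaviour is not visible in Sysmon, which records key and value writes but not reads; it shows up in Security event 4663 once a SACL is set on the Uninstall key, or in ETW registry tracing, and the same open-then-enumerate logic applies to either source.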