General
Target: c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae
Size: 390KB
Sample: 240716-ebrceawfkg
MD5: 84a113b387cfe16ae7fd3f917a01fe7e
SHA1: 43492e98a943a496b921a27b38f4f8bbc6300373
SHA256: c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae
SHA512: 79d04fad30567ccaeea292e527804491e666b98e4f7fd75fb97c358f3d70f1701118bdd8a37dec69c903fa54f55b1bec796ad908b40e8a51c97e3d170ebd6e67
SSDEEP: 6144:zpdfSzppL5aUyAUCjZBLnk8OXvKUDPJufaSdrds1bEsE//bGsBR3i3Pheei8LEO:zopUUyOHnFg1EBdsi8LEO
Static task: static1
Behavioral task: behavioral1
Sample: c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted: stealc, default
http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets
Target: c9fd04455ef58a8f3ff4cc8a545f7d46f03f5b4991ecf1b31f33cf464bb8deae
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext