General
Target: 66c7af5a2f60fc5e3a8c816156f4cbe315cb4fadec78e94613b2d846955101ba
Size: 390KB
Sample: 240716-f6v5hszdlc
MD5: 5c7f025348daf617c3adc5cb5f1fefc8
SHA1: f445d23add698243380618a23dbabc06b1580bc1
SHA256: 66c7af5a2f60fc5e3a8c816156f4cbe315cb4fadec78e94613b2d846955101ba
SHA512: 855e3f8c7de50f57be8a41df68594e107f4acf78378abc61dba81b0ffc6541e91f540362572986b4238fa4f197890d6a772a0fb056d4a97d4e68e546a3111bb3
SSDEEP: 6144:tpdESzppL5aUyAUCjZBLnk8OXvKwRIinV6ZawmwhQMlpP9EpIbKMDCjeei8LEO:tvpUUyOH6RItOwOSEpIexi8LEO
Static task: static1
Behavioral task: behavioral1
Sample: 66c7af5a2f60fc5e3a8c816156f4cbe315cb4fadec78e94613b2d846955101ba.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
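The extracted configuration above (C2 host plus url_path) is the part of this report a responder most wants to turn into a detection. The following Python is an added example, not part of the sandbox report: it rebuilds the full C2 URL from the extracted fields, scans constructed proxy log lines (hypothetical data, Squid-like format) for requests to that endpoint and to the C2 host generally, and checks a file's hashes against the reported MD5/SHA1/SHA256. The log format and the names `classify_request`, `scan_proxy_log` and `hash_matches` are assumptions.

```python
"""Match proxy log lines and file hashes against the IOCs reported for this
Stealc sample. Added example; the log lines below are constructed, not
taken from any real environment."""
import hashlib
import re
from urllib.parse import urlparse

# IOCs taken from the report's extracted config and hash fields.
C2_HOST = "85.28.47.101"
C2_PATH = "/f3ee98d7eec07fb9.php"
C2_URL = f"http://{C2_HOST}{C2_PATH}"

SAMPLE_HASHES = {
    "md5": "5c7f025348daf617c3adc5cb5f1fefc8",
    "sha1": "f445d23add698243380618a23dbabc06b1580bc1",
    "sha256": "66c7af5a2f60fc5e3a8c816156f4cbe315cb4fadec78e94613b2d846955101ba",
}

# Constructed proxy log lines (hypothetical): timestamp, client IP, status,
# bytes, method, URL, user, upstream, content type.
SAMPLE_PROXY_LOG = """\
1721110001.123 10.0.0.5 TCP_MISS/200 512 POST http://85.28.47.101/f3ee98d7eec07fb9.php - HIER_DIRECT/85.28.47.101 text/html
1721110002.456 10.0.0.7 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1721110003.789 10.0.0.9 TCP_MISS/200 128 POST http://85.28.47.101/other.php - HIER_DIRECT/85.28.47.101 text/html
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify_request(url):
    """Return 'c2' for the exact extracted endpoint, 'c2-host' for any other
    request to the C2 address (worth a look, lower confidence), else None."""
    parsed = urlparse(url)
    if parsed.hostname != C2_HOST:
        return None
    return "c2" if parsed.path == C2_PATH else "c2-host"


def scan_proxy_log(text):
    """Yield (client, url, verdict) for every line touching the C2 host."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash
        verdict = classify_request(m.group("url"))
        if verdict:
            hits.append((m.group("src"), m.group("url"), verdict))
    return hits


def hash_matches(data):
    """Hash the bytes with each reported algorithm; return the ones that match.
    An empty list means the content is not this sample (by these hashes)."""
    return [
        name
        for name, digest in SAMPLE_HASHES.items()
        if getattr(hashlib, name)(data).hexdigest() == digest
    ]


def file_matches(path):
    """Convenience wrapper: hash a file on disk against the reported IOCs."""
    with open(path, "rb") as f:
        return hash_matches(f.read())


if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:8} {client} -> {url}")
```

Matching on the host alone is kept as a separate, lower-confidence verdict because a hosting IP can be reused by unrelated tenants; the exact path from the extracted config is the high-confidence indicator. The hash check is exact-match only; the SSDEEP value in the report is for fuzzy similarity and needs the ssdeep library, which is not used here.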
Targets
Target: 66c7af5a2f60fc5e3a8c816156f4cbe315cb4fadec78e94613b2d846955101ba
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the per-application subkeys under SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software.
- Suspicious use of SetThreadContext: this API rewrites a thread's register state, and calling it on a thread outside the caller's own process is a common process-injection primitive (for example process hollowing), which is why it is flagged here.