General

Target: 120479118e5768a2a01683e2f68b8d65016ebbe307f25a0c7ef6ded4de6a9290
Size: 390KB
Sample: 240716-gjmejaxflj
MD5: d3aa7aef98a42b3d031813867a06f0de
SHA1: 4f971704e79cda6433282859a72582a23c27b302
SHA256: 120479118e5768a2a01683e2f68b8d65016ebbe307f25a0c7ef6ded4de6a9290
SHA512: efa9b3634beed4c2a7e70c6763f336eec03c2445fd3c7de563a92b97bdb9583a4a898c9d60ae8d5e50cf207e5879dfcb30bfc92b258c506500384aba6d063d3d
SSDEEP: 6144:gnsQlV5J3lHyo8/FPwHf5MO6vKJwQsJcU19dt3ZK7bBs7KwFeei88EO:gZ5rHyDUTYcU1LKfCVi88EO
Static task: static1
Behavioral task: behavioral1
Sample: 120479118e5768a2a01683e2f68b8d65016ebbe307f25a0c7ef6ded4de6a9290.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
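The extracted configuration gives two usable indicators: the file hashes from the General section and the C2 host plus gateway script path. The script below is an added example, not part of the sandbox report, showing how a responder would turn them into checks: hashing a file against the reported digests, reconstructing the full gateway URL, and scanning proxy log lines for traffic to the C2. The hash and C2 values are copied from the report above; the proxy log lines and their format (timestamp, client, method, URL, status) are constructed for illustration.

```python
"""IOC matching for the Stealc sample described in this report.

Added example, not part of the sandbox report: the hashes and C2 values are
copied from the report above; the proxy log lines are constructed.
"""
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# File hashes from the General section of the report.
SAMPLE_HASHES = {
    "md5": "d3aa7aef98a42b3d031813867a06f0de",
    "sha1": "4f971704e79cda6433282859a72582a23c27b302",
    "sha256": "120479118e5768a2a01683e2f68b8d65016ebbe307f25a0c7ef6ded4de6a9290",
}

# Extracted Stealc configuration: C2 host and gateway script path.
C2_HOST = "85.28.47.101"
C2_URL_PATH = "/f3ee98d7eec07fb9.php"

# Constructed proxy log lines (timestamp, client, method, URL, status). Not real traffic.
PROXY_LOG = [
    "2024-07-16T10:01:02Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-07-16T10:01:09Z 10.0.0.5 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200",
    "2024-07-16T10:01:15Z 10.0.0.7 GET http://85.28.47.101/other.php 404",
    "2024-07-16T10:02:00Z 10.0.0.5 GET https://login.example.org/ 200",
]

_URL_RE = re.compile(r"https?://[^\s\"']+")


def hash_bytes(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 hex digests for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` matches the reported sample hashes.

    SHA256 alone would be enough; MD5 and SHA1 are kept because threat feeds
    often publish only one of them.
    """
    digests = hash_bytes(data)
    return any(digests[alg] == value for alg, value in SAMPLE_HASHES.items())


def c2_url() -> str:
    """Full gateway URL reconstructed from the extracted config."""
    return f"http://{C2_HOST}{C2_URL_PATH}"


def classify_url(url: str) -> Optional[str]:
    """Return 'strong' for host+path match, 'weak' for host-only, None otherwise.

    Host-only hits still matter: an operator can rename the gateway script while
    keeping the server, so traffic to the C2 host on another path is suspicious
    rather than clean. hostname drops any :port suffix before comparison.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return None
    return "strong" if parts.path == C2_URL_PATH else "weak"


def match_c2(log_lines) -> list:
    """Scan log lines, returning (1-based line number, confidence) for C2 hits."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        found = _URL_RE.search(line)
        if found is None:
            continue
        confidence = classify_url(found.group(0))
        if confidence is not None:
            hits.append((number, confidence))
    return hits


if __name__ == "__main__":
    print("C2 URL:", c2_url())
    for number, confidence in match_c2(PROXY_LOG):
        print(f"line {number}: {confidence} match -> {PROXY_LOG[number - 1]}")
```

The IP address is a point-in-time indicator taken from one sandbox run on 2024-07-16; stealer infrastructure rotates, so treat the host match as a hunting lead with a shelf life, and rely on the file hashes and the behavioural signatures below for longer-lived detection.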
Targets

Target: 120479118e5768a2a01683e2f68b8d65016ebbe307f25a0c7ef6ded4de6a9290
Signatures

- Downloads MZ/PE file: the sample retrieves an executable image (MZ/PE header) over the network during the run. The report does not name the files; Stealc is known to fetch helper DLLs from its C2 for parsing browser data, which would account for this together with the next signature.
- Loads dropped DLL: a DLL written to disk during execution is loaded into the process.
- Accesses cryptocurrency files/wallets, possible credential harvesting: the sample reads files and directories associated with cryptocurrency wallets, consistent with the data-theft behaviour of this family.
- Checks installed software on the system: looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall hive is the standard location) to enumerate installed software.
- Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state; the call pattern flagged here is the one typically seen in process-injection and process-hollowing techniques, where a thread's instruction pointer is redirected into injected code.