General
- Target: 64b0b19469ae1ce1bf0ebe58f422ce7a3c4b22dfca552521322268fc357ef1e1
- Size: 390KB
- Sample: 240716-h4fm6atcnd
- MD5: 169676d2d80931d3745b62a54d5ad9ac
- SHA1: 838b2f437ee48de5ffd1ab0082fdc3f7db78cf0f
- SHA256: 64b0b19469ae1ce1bf0ebe58f422ce7a3c4b22dfca552521322268fc357ef1e1
- SHA512: da85bc7eef3f6f5344d4e4a05acf35640b7a5038f0a8fb379600ff9ea75247a5802dce431f71a7f4d4bc842774d32cfa17b49e42c6984cf7e4b90e3e44eeaa3e
- SSDEEP: 6144:/nsKlV5J3lHyo8/FPwHf5MO6vKdt4jXOq7u0o9daiUZN0RuFjdE+peei88EO:/75rHyDU8lC0IdaSutd/i88EO
Static task: static1
Behavioral task: behavioral1
- Sample: 64b0b19469ae1ce1bf0ebe58f422ce7a3c4b22dfca552521322268fc357ef1e1.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted: stealc (default)
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext