General
- Target: d8808527b4089682ba4eef1b29fd6ac3e98a82d52009ad50ff161b5bcb1768fa
- Size: 390KB
- Sample: 240716-j7wdfsshml
- MD5: f803182d5528ef2bf0b7b52351de2412
- SHA1: 098a0489be1222766d16c19cc186c780942b314f
- SHA256: d8808527b4089682ba4eef1b29fd6ac3e98a82d52009ad50ff161b5bcb1768fa
- SHA512: 8de89bc285073b5295187d4a053de70afbb6e2a2ff601454aa1c438199af127d86504326f09ca487261ad4c85b7ad8a99a1e0ce5b1a42716d451c053baddc014
- SSDEEP: 6144:1xdxzBpL5aUyAUCjZBLnk8OEvKz/h1oABhj+cqtcNAVnojJXiwz3IpMeei8YEO:13pUUyOHactJcLWWi8YEO
Static task
- static1
Behavioral task
- behavioral1
- Sample: d8808527b4089682ba4eef1b29fd6ac3e98a82d52009ad50ff161b5bcb1768fa.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- stealc
- default
- http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: d8808527b4089682ba4eef1b29fd6ac3e98a82d52009ad50ff161b5bcb1768fa
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext