General
Target: a46a3ae2719846bb81554f83033d5faa1f4ea8f68be402ad7461f42a93b76b5c
Size: 390KB
Sample: 240716-jf5g2s1enm
MD5: 3e0bcc57675620511db1b910d784e746
SHA1: ab32992dbb8191e6339047a3eeb5983776d5d498
SHA256: a46a3ae2719846bb81554f83033d5faa1f4ea8f68be402ad7461f42a93b76b5c
SHA512: c150c4d39f8bb58d540de85b86282366f1753317bba7d72414e399449918384ebebd8cd11a5e67ae26a01b678c1e12c2d5b998d712066d7c05e53d1e3f0cacd3
SSDEEP: 6144:gpdOSzppL5aUyAUCjZBLnk8OXvK5jKBsGnjIh8jY4k8fxFY4yvVOkO+8eei8LEO:gFpUUyOHfpMj3jVkCY4A8Vi8LEO
Static task: static1
Behavioral task: behavioral1
Sample: a46a3ae2719846bb81554f83033d5faa1f4ea8f68be402ad7461f42a93b76b5c.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
stealc
default
http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets
Target: a46a3ae2719846bb81554f83033d5faa1f4ea8f68be402ad7461f42a93b76b5c
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext