General
Target: 9c08524f8b4079b3d0827f8e85b08d3f8423d97fb7b4e98a8953df89f00fe440
Size: 390KB
Sample: 240716-nt39cs1bnl
MD5: 8c1f67388e82bf03d2e7a8fd3fee0edb
SHA1: 22807434366a654f53fa96f4987ffec234fd9dea
SHA256: 9c08524f8b4079b3d0827f8e85b08d3f8423d97fb7b4e98a8953df89f00fe440
SHA512: 3c698c17ba5bcec729be10d1ad108f2c0abce7b59cfe67813c9c735f633f0ec1a573e65af060a8a94fa69452f68da7b9fb826c3ae9a15cb246fc7bbba3962caa
SSDEEP: 6144:Gpd5SzppL5aUyAUCjZBLnk8OXvKGSwxuqueR1Kgsm3WblnR8Vceei8LEO:GepUUyOHy4QzKPm3WH2Gi8LEO
Static task: static1
Behavioral task: behavioral1
Sample: 9c08524f8b4079b3d0827f8e85b08d3f8423d97fb7b4e98a8953df89f00fe440.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
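The hashes and the extracted Stealc C2 above are the parts of this report that can be turned directly into detections. The following Python script is an added example, not part of the sandbox report: it embeds the report's file hashes and C2 host plus gate path as IOCs, checks file digests against them, and scans a constructed proxy log (the log format and the log lines are made up for the example) for requests to the C2. The report does not state the HTTP method Stealc uses for the gate, so the scan matches on host and path regardless of method.

```python
"""Pivot on the IOCs from the report: sample hashes and the extracted Stealc C2.

Added example, not part of the sandbox report. The proxy log format and the
log lines below are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# IOCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "8c1f67388e82bf03d2e7a8fd3fee0edb",
    "sha1": "22807434366a654f53fa96f4987ffec234fd9dea",
    "sha256": "9c08524f8b4079b3d0827f8e85b08d3f8423d97fb7b4e98a8953df89f00fe440",
}
C2_HOST = "85.28.47.101"             # from the extracted config
C2_PATH = "/f3ee98d7eec07fb9.php"    # url_path from the extracted config


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the sample's (case-insensitive)."""
    return sorted(
        algo for algo, value in digests.items()
        if algo in SAMPLE_HASHES and value.lower() == SAMPLE_HASHES[algo]
    )


# Constructed log format (not from the report): "<ts> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_url(url: str) -> Optional[str]:
    """Grade a URL against the C2 config: exact gate, same host, or gate path elsewhere."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host == C2_HOST and parts.path == C2_PATH:
        return "c2-gate"          # host and gate path both match the extracted config
    if host == C2_HOST:
        return "c2-host"          # same server, different path: still worth triage
    if parts.path == C2_PATH:
        return "gate-path-only"   # gate path on another host: weaker signal, review manually
    return None


def scan_proxy_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per log line whose URL touches the C2 host or gate path."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; skipped rather than crashing the scan
        verdict = classify_url(m["url"])
        if verdict:
            hits.append({"line": lineno, "client": m["client"],
                         "method": m["method"], "url": m["url"], "verdict": verdict})
    return hits


# Constructed sample log: one clean request, three C2-related ones, one garbage line.
CONSTRUCTED_LOG = [
    "2024-07-16T10:01:02Z 10.0.0.12 GET http://www.example.com/ 200",
    "2024-07-16T10:01:09Z 10.0.0.12 POST http://85.28.47.101/f3ee98d7eec07fb9.php 200",
    "2024-07-16T10:01:10Z 10.0.0.12 GET http://85.28.47.101/other.bin 200",
    "2024-07-16T10:02:00Z 10.0.0.40 GET http://203.0.113.5/f3ee98d7eec07fb9.php 404",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(CONSTRUCTED_LOG):
        print(hit)
    # A file that is not the sample matches none of the listed hashes.
    print(match_hashes(hash_bytes(b"not the sample")))
```

To check a real file, read it in binary mode and pass the bytes to hash_bytes before match_hashes; the SSDEEP value in the report is not covered here because fuzzy hashing needs a library outside the standard library.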
Targets
Target: 9c08524f8b4079b3d0827f8e85b08d3f8423d97fb7b4e98a8953df89f00fe440 (390KB; single target, same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures (behavioral1)
- Downloads MZ/PE file: a PE image was fetched over the network during the run; the report does not list the source URL.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting: consistent with the stealc family identification above.
- Checks installed software on the system: looks up Uninstall key entries in the registry (the SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall hive paths) to enumerate installed software.
- Suspicious use of SetThreadContext: rewriting another thread's context is a common building block of process hollowing and thread hijacking; confirm which process the target thread belongs to before treating this as injection.