General
- Target: 8a9a1f6848dc2631c2417c1b2dc68d2a20ea9dabe9fb47a9354b01c5f373f5e4
- Size: 392KB
- Sample: 240716-r4hxysxelp
- MD5: 36b0555c3f437d092c0ac181c6b64a24
- SHA1: 856f2964ba54f3d71d96d1bae187b24f87f6486a
- SHA256: 8a9a1f6848dc2631c2417c1b2dc68d2a20ea9dabe9fb47a9354b01c5f373f5e4
- SHA512: 1db825c95bcac702bcbda739c7ed8f389b995855e1c79941b687db0419ad20a594c594680b0d7033b80dec2e571df612a1b867e0f82658352c9a3438f485d4f4
- SSDEEP: 12288:zOWvhaLP30V1aklkosYsiU27qDfxckJZ:assLPnijsid7qTxci
Static task: static1
Behavioral task: behavioral1
- Sample: 8a9a1f6848dc2631c2417c1b2dc68d2a20ea9dabe9fb47a9354b01c5f373f5e4.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted: stealc
- default: http://85.28.47.101
- url_path: /f3ee98d7eec07fb9.php
Targets
- Target: 8a9a1f6848dc2631c2417c1b2dc68d2a20ea9dabe9fb47a9354b01c5f373f5e4
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext