General
Target: script.txt
Size: 191B
Sample: 240716-rb7qlsyfpg
MD5: ff524aca61e35b38606db3fdc91fc693
SHA1: 2018428314d426f9fbe9687b2a04cd3c9243e453
SHA256: 1437144ab1f5fc4630b7b6037418588762b88821e0723581169a5833232a43d5
SHA512: 5d208dd27917e715aab8c0b1125b5e7b426fb3cb819175f69c78e789cda798f5dfb4cb59d3868040d0758945de5c5da1f0a627551c73e7939dc72bf45ee7057f
Static task: static1
Behavioral task: behavioral1
Sample: script.txt
Resource: win7-20240705-en

Malware Config
Extracted: stealc
  default
  http://185.106.93.99
  url_path: /06e5995a0969a62f.php
Targets
Target: script.txt (191B; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext