General
Target: c725a3679a90d6b78427daffadde09f9b254a9e12f392e1b678f96ad5c7db5a2
Size: 401KB
Sample: 240716-rbckgayflh
MD5: 6c4aa3a1de7580b400ade38fdc1dc779
SHA1: 45c2219d6edbb20d9d6198483c2ff7bfd66c24ef
SHA256: c725a3679a90d6b78427daffadde09f9b254a9e12f392e1b678f96ad5c7db5a2
SHA512: 4f31d1760b657f711b288510758de7fa10b81174691fd6e6349bc063d070942f74304029eed1e9f94c0dcdb350e722af7ba95ac5985a5cf7b5c70b92ad5ffd0e
SSDEEP: 12288:lcQON1oL7HVZqtg2rIhUcsZbmccOVJZiEO:vWKLfOjrEUcsZbdkt

Static task: static1
Behavioral task: behavioral1
Sample: c725a3679a90d6b78427daffadde09f9b254a9e12f392e1b678f96ad5c7db5a2.exe
Resource: win10v2004-20240709-en

Malware Config
Extracted
stealc
default
http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php

Targets
Target: c725a3679a90d6b78427daffadde09f9b254a9e12f392e1b678f96ad5c7db5a2
Size: 401KB
MD5: 6c4aa3a1de7580b400ade38fdc1dc779
SHA1: 45c2219d6edbb20d9d6198483c2ff7bfd66c24ef
SHA256: c725a3679a90d6b78427daffadde09f9b254a9e12f392e1b678f96ad5c7db5a2
SHA512: 4f31d1760b657f711b288510758de7fa10b81174691fd6e6349bc063d070942f74304029eed1e9f94c0dcdb350e722af7ba95ac5985a5cf7b5c70b92ad5ffd0e
SSDEEP: 12288:lcQON1oL7HVZqtg2rIhUcsZbmccOVJZiEO:vWKLfOjrEUcsZbdkt

Signatures
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext