General
Target: 296281f1f12acb1b777d311323541065639683e2da9f883d56c35721c222e0d8.exe
Size: 389KB
Sample: 240716-sknvjaycmj
MD5: 9118cf2062624b30c1bcfc306fc134d8
SHA1: 950c3ec72a426e666aaa5c1a4e29fef1f8eab51c
SHA256: 296281f1f12acb1b777d311323541065639683e2da9f883d56c35721c222e0d8
SHA512: 2d4684a6be4d77f170ff52ccfff7f7e94e87fbcb70388ff0a56759f7fa95047749a7ef4833b02d53eb039de9111901f23bedcd5d33e81a90dc863cd23b0f79af
SSDEEP: 6144:7lgLgy0iFkeLnCUcx/IcoN6O2MW61lV43JY5RaIOhZNWT+8VhIgBcbjWuzD2di8A:7ViFHnC5d80CR5OhZQfhIJba1i84EO
Static task: static1
Behavioral task: behavioral1
Sample: 296281f1f12acb1b777d311323541065639683e2da9f883d56c35721c222e0d8.exe
Resource: win7-20240704-en
Malware Config
Extracted
Family: stealc
Botnet: default
C2: http://85.28.47.101
url_path: /f3ee98d7eec07fb9.php
Targets
Target: 296281f1f12acb1b777d311323541065639683e2da9f883d56c35721c222e0d8.exe
Size: 389KB
MD5: 9118cf2062624b30c1bcfc306fc134d8
SHA1: 950c3ec72a426e666aaa5c1a4e29fef1f8eab51c
SHA256: 296281f1f12acb1b777d311323541065639683e2da9f883d56c35721c222e0d8
SHA512: 2d4684a6be4d77f170ff52ccfff7f7e94e87fbcb70388ff0a56759f7fa95047749a7ef4833b02d53eb039de9111901f23bedcd5d33e81a90dc863cd23b0f79af
SSDEEP: 6144:7lgLgy0iFkeLnCUcx/IcoN6O2MW61lV43JY5RaIOhZNWT+8VhIgBcbjWuzD2di8A:7ViFHnC5d80CR5OhZQfhIJba1i84EO

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext