General
-
Target
5dd9c1ffc4a95d8f1636ce53a5d99997.bin
-
Size
300KB
-
Sample
240727-ce5m4azdrl
-
MD5
55b5b399b377aef61adb14b20474418a
-
SHA1
986858e1083f7b2300ce64a16a4468785985524a
-
SHA256
847afa66692be5af7d82952e61618118d68e567982034db883f6aa61d1e08ac5
-
SHA512
fb8bd0369e46c48ed7b2d222c5cc7e820179e5e7d788504dc1b14748cdb47fde465e5cbbd79f0cb3462d772bd10aeb1d3b1207e470d6d60dffe4737e134a1eb9
-
SSDEEP
6144:EhSKlyTDGc5//veW0yg8zCsj2U19dywhP82da8oevKlghOTeL9wQ01:QSK9wve6grsjJHVhE2daevkghOT0M1
Static task
static1
Behavioral task
behavioral1
Sample
d695267de534c2c99ec2823acc193fdbec9f398b0f78155ae2b982457ff631aa.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
QLL
http://85.28.47.70
-
url_path
/744f169d372be841.php
Targets
-
-
Target
d695267de534c2c99ec2823acc193fdbec9f398b0f78155ae2b982457ff631aa.exe
-
Size
392KB
-
MD5
5dd9c1ffc4a95d8f1636ce53a5d99997
-
SHA1
38ae8bf6a0891b56ef5ff0c1476d92cecae34b83
-
SHA256
d695267de534c2c99ec2823acc193fdbec9f398b0f78155ae2b982457ff631aa
-
SHA512
148d1b324391c4bb63b152a3c91a586b6821c4f5cde2a3f7afa56ad92074672619554fba3b2baca9802ff1ed9b42081574163304d450f7ccf664638599b23c2a
-
SSDEEP
6144:VykkCFQ1esX/lLdp9k/dO/Yu0u9KIv7AGjTm7iIJ3Aqu4lQdvqb:lkUQ1esP01uYu0u9n08m/xV
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-