General
Target: 3b28e3d07c4dd156f221c72f4f2b53ea.exe
Size: 1006KB
Sample: 240803-gqwa1szekc
MD5: 3b28e3d07c4dd156f221c72f4f2b53ea
SHA1: c9f2ecb67b7ef1910af459d44386882d9238d72f
SHA256: f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424
SHA512: 2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed82951b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db
SSDEEP: 24576:fxj1COA6fYrK4O7+FZTYPhFrjuDl+QlclC:x1COZfT4O4ZTYX6Plc
Behavioral tasks
behavioral1: 3b28e3d07c4dd156f221c72f4f2b53ea.exe, resource win7-20240704-en
behavioral2: 3b28e3d07c4dd156f221c72f4f2b53ea.exe, resource win10v2004-20240802-en
Malware Config
Extracted family: stealc
Botnet: doralands23
C2: http://188.130.207.115
url_path: /8b4c5bd1ddc1cb18.php
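The indicators above (the file hashes in General and the C2 host plus url_path from the extracted Stealc config) are what a responder would turn into a check. The script below is an added example, not part of the sandbox report: it computes MD5/SHA1/SHA256/SHA512 of a byte buffer and reports which of them equal the sample's hashes, and it scans proxy log lines for requests to the C2 host or to the C2 url_path. The proxy log format ("timestamp client method url status") and the log lines themselves are constructed for the example; the `REPORT` values are copied from this page.

```python
"""Offline IOC check against the indicators in this report (added example)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
REPORT = {
    "md5": "3b28e3d07c4dd156f221c72f4f2b53ea",
    "sha1": "c9f2ecb67b7ef1910af459d44386882d9238d72f",
    "sha256": "f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424",
    "sha512": "2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed8295"
              "1b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db",
    "c2": "http://188.130.207.115",
    "url_path": "/8b4c5bd1ddc1cb18.php",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of `data` under the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_ALGOS}


def match_hashes(data: bytes, report: dict = REPORT) -> list:
    """Return the algorithms under which `data` equals the reported sample."""
    found = compute_hashes(data)
    return [name for name in HASH_ALGOS if found[name] == report[name].lower()]


def scan_proxy_log(lines, report: dict = REPORT) -> list:
    """Flag log entries that reach the C2 host or the C2 url_path.

    Assumed (constructed) line format: "<timestamp> <client_ip> <METHOD> <url> <status>".
    Host and path are matched separately: a hit on the path alone can catch the
    same panel path served from a rotated host, at lower confidence.
    """
    c2_host = urlsplit(report["c2"]).hostname
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than crash the scan
        ts, client, method, url, _status = parts[:5]
        u = urlsplit(url)
        reasons = []
        if u.hostname == c2_host:
            reasons.append("c2_host")
        if u.path == report["url_path"]:
            reasons.append("c2_url_path")
        if reasons:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "reasons": reasons})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-08-03T10:01:02Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-08-03T10:01:05Z 10.0.0.15 POST http://188.130.207.115/8b4c5bd1ddc1cb18.php 200",
    "2024-08-03T10:01:09Z 10.0.0.22 GET http://188.130.207.115/ 404",
    "2024-08-03T10:02:11Z 10.0.0.31 POST http://198.51.100.7/8b4c5bd1ddc1cb18.php 200",
    "garbage line",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(match_hashes(b"not the sample"))
```

To check a file on disk, pass `open(path, "rb").read()` to `match_hashes`; any non-empty result means the file is this sample. The second C2 hit (a bare GET to the host) and the third (the panel path on a different host) are reported with their separate reasons so an analyst can weight them differently.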
Targets
Target: 3b28e3d07c4dd156f221c72f4f2b53ea.exe
Size: 1006KB
MD5: 3b28e3d07c4dd156f221c72f4f2b53ea
SHA1: c9f2ecb67b7ef1910af459d44386882d9238d72f
SHA256: f8a0e27af4b7dccf34efacd67fa9ad7857233e47f9742764bcc09f89bde84424
SHA512: 2e363e989868342043553f80a346fa82fe01cb4988111a037172fa8e031ed82951b7beb49a28f53617ec307b204eafc75d0d1c16296f5b026d4c00a04a2df4db
SSDEEP: 24576:fxj1COA6fYrK4O7+FZTYPhFrjuDl+QlclC:x1COZfT4O4ZTYX6Plc
Signatures
- Detects HijackLoader (aka IDAT Loader): a loader that carries its payload in PNG IDAT chunks; here the delivered payload is the Stealc stealer whose C2 config is extracted above.
- Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003): malicious access to, or copy of, a web browser credential store.
- Downloads MZ/PE file: an additional executable is retrieved over the network.
- Deletes itself (ATT&CK T1070.004): the sample removes its own file from disk.
- Loads dropped DLL: a DLL written to disk at runtime is loaded.
- Unsecured Credentials: Credentials In Files (ATT&CK T1552.001): credentials are read from unsecured files.
- Accesses cryptocurrency files/wallets: possible wallet credential harvesting.
- Suspicious use of SetThreadContext: consistent with process injection or hollowing (ATT&CK T1055).