General
Target: 407bf60ae277abe6ea397d4978057ffb691b42a77dbb7a1e0f79c5579021ee13N
Size: 516KB
Sample: 241014-nlp2rstgrh
MD5: df46a858a8ea4a3816e5cda5e7d56ac0
SHA1: b1befe306658d2fdd78f341b24271e684c371f82
SHA256: 407bf60ae277abe6ea397d4978057ffb691b42a77dbb7a1e0f79c5579021ee13
SHA512: a3e4c842f4e9b4b79a6d680064f87676811c2be30168e3a0400a5aa32aca79b99eb52675077f948c7060c3643acb7af9385063c40893b904b6eec7ce81329975
SSDEEP: 12288:bAQApwbeNWSvPR3RRl20zqpHkf0chpZzGYwETEO:8QSvP3RJzAHkf0oIpmt
Static task: static1
Behavioral task: behavioral1
  Sample: 407bf60ae277abe6ea397d4978057ffb691b42a77dbb7a1e0f79c5579021ee13N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 407bf60ae277abe6ea397d4978057ffb691b42a77dbb7a1e0f79c5579021ee13N.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: stealc
Botnet: default6_doz
C2: http://62.204.41.150
url_path: /edd20096ecef326d.php
Targets
Target: 407bf60ae277abe6ea397d4978057ffb691b42a77dbb7a1e0f79c5579021ee13N
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext