General
Target: 86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1
Size: 947KB
Sample: 241016-a3xlaathnh
MD5: 56679b3ab7141ba6611aee1773824949
SHA1: cf12d19b10ca05f74fbdda7430726617cf107d17
SHA256: 86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1
SHA512: 7c6999b44d28e654d8b75d4940f8151168ac5e28b6ade411147f4a6d2842113e24223fac8e54c464ec46e0f4c582291f62e56b19417235bc714f5b9577075159
SSDEEP: 24576:8J0amQkhdPT4G7/RXR0Zj+SMvUhbHefkjY45JRKML:86avkhdPT4G7/9SMvW+qRKS
Static task: static1
Behavioral task: behavioral1
Sample: 86bedd686c138123e7a83e55b3151bed6561a46c8eb6f54e4c7640c5aa3000c1.exe
Resource: win7-20240708-en
Malware Config
Extracted
stealc
default
https://steamcommunity.com/profiles/76561198035868993
url_path: /43e1e04e93874aba.php
Targets
Downloads MZ/PE file
Loads dropped DLL
Unsecured Credentials: Credentials In Files. Steal credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (4)
Credentials In Files (4)