General
- Target: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08.exe
- Size: 547KB
- Sample: 241016-b5kvya1arl
- MD5: 13c1457715e69ef1841b4f43b015f17c
- SHA1: 00351a156c60b8e1592b858a72a5ebd3ac50313c
- SHA256: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08
- SHA512: 4aeb8d8a5469c5be81ad3093f9a636f8ee46d1ecb998d5c524ce01f8c0158a8b273c9a519231aa3953f4f5e77e82d914f0afe6a9579d927d1db24a71ddefccc2
- SSDEEP: 12288:RdwuDcuwp7l+Jp6fovyrlNqtoHDozeTahf9s+8vXV8KHfEO:jwYcVBGpnvyrHH8ze2hf9sP98K/t

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08.exe
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08.exe
  - Resource: win10v2004-20241007-en

Malware Config
Extracted
- stealc
- default
- http://46.8.231.109
- url_path: /c4754d4f680ead72.php

Targets
- Target: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08.exe
- Size: 547KB
- MD5: 13c1457715e69ef1841b4f43b015f17c
- SHA1: 00351a156c60b8e1592b858a72a5ebd3ac50313c
- SHA256: 54c87130b16079039f3b1e1f406a794669ef4f66f3d26ebde713491e03a1ee08
- SHA512: 4aeb8d8a5469c5be81ad3093f9a636f8ee46d1ecb998d5c524ce01f8c0158a8b273c9a519231aa3953f4f5e77e82d914f0afe6a9579d927d1db24a71ddefccc2
- SSDEEP: 12288:RdwuDcuwp7l+Jp6fovyrlNqtoHDozeTahf9s+8vXV8KHfEO:jwYcVBGpnvyrHH8ze2hf9sP98K/t
- Downloads MZ/PE file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext