General
Target: 7ad4282eca5f0d0ed47402d9c012b95623f114353cfd5f09aaf0aab343f8a8d7.exe
Size: 547KB
Sample: 241016-cz1vmssenj
MD5: 8fb5af7543b739a0a7d46870881e25b5
SHA1: 5f361388de4de6b71cc5643107da5c34ed7d5e3b
SHA256: 7ad4282eca5f0d0ed47402d9c012b95623f114353cfd5f09aaf0aab343f8a8d7
SHA512: 56aa65c4a424b34bf684d7910b7352c4545aaadca3ded3e2e57e6aea46ee34da439bd9abdb6ba7900654b911e70b3ca3db028ced38224eba26fcd2c882bd6fd8
SSDEEP: 12288:SNgODcuwp3o4Lu1jdYIQW98/WQsxlKBG3zfuGKHyEO:+g4cVY0+YIQWa/fsxlKw3zfuGKSt
Static task: static1
Behavioral task: behavioral1
Sample: 7ad4282eca5f0d0ed47402d9c012b95623f114353cfd5f09aaf0aab343f8a8d7.exe
Resource (analysis VM image): win7-20240708-en
Malware Config
Extracted
Family: stealc
Config name: default
C2: http://46.8.231.109
url_path: /c4754d4f680ead72.php
Full check-in URL (C2 joined with url_path): http://46.8.231.109/c4754d4f680ead72.php
Targets
Target: 7ad4282eca5f0d0ed47402d9c012b95623f114353cfd5f09aaf0aab343f8a8d7.exe (size and hashes as listed under General)
Signatures
- Downloads MZ/PE file: the sample retrieved a Windows executable (MZ/PE header) over the network during the run.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so the payload does not run in excluded regions.
- Loads dropped DLL: a DLL written to disk during the run was subsequently loaded by the sample.
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001): steals credentials from unsecured files on disk.
- Accesses cryptocurrency files/wallets: reads wallet files, consistent with credential and seed harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext: rewriting another thread's context is a common step in process injection (for example process hollowing), where a suspended thread is pointed at injected code before it resumes.
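As an added example (not part of this sandbox report and not Triage's own signature engine): a small Python triage helper that joins the extracted Stealc C2 host and url_path into the full check-in URL and runs checks equivalent to the report's geofence, installed-software, wallet-access and C2-contact signatures over an event log. The event line format, the registry paths behind the two registry signatures, and the wallet directory list are assumptions chosen for illustration; the sample events are constructed, not taken from the run.

```python
"""Re-implementation of a few of the report's signatures as detection logic.

Added example. Assumptions: a constructed 'pid kind op target' event format,
typical registry paths for the geofence and installed-software checks, and an
illustrative list of wallet directories. C2 host and path come from the config.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Values from the extracted Stealc config on this page.
C2_HOST = "46.8.231.109"
C2_PATH = "/c4754d4f680ead72.php"


def c2_url(scheme: str = "http") -> str:
    """Join the config's C2 host and url_path into the full check-in URL."""
    return f"{scheme}://{C2_HOST}{C2_PATH}"


@dataclass
class Event:
    pid: int
    kind: str    # "reg", "file" or "net"
    op: str      # e.g. QueryValue, EnumKey, ReadFile, POST
    target: str  # registry path, file path or URL (may contain spaces)


def parse_event(line: str) -> Optional[Event]:
    """Parse one constructed event line of the form 'pid kind op target'."""
    parts = line.strip().split(maxsplit=3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return Event(int(parts[0]), parts[1].lower(), parts[2], parts[3])


# Assumed registry paths behind "Checks computer location settings" and
# "Checks installed software" (the Geo\Nation value and the Uninstall key).
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
# Assumed, illustrative wallet locations for "Accesses cryptocurrency files/wallets".
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin\\wallets)\\", re.I)


def host_of(url: str) -> str:
    """Extract the host (without port) from a URL such as http://h:80/p."""
    return url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]


def classify(ev: Event) -> List[str]:
    """Return the signature names an event triggers (possibly several)."""
    hits: List[str] = []
    if ev.kind == "reg" and GEO_RE.search(ev.target):
        hits.append("geofence_check")
    if ev.kind == "reg" and UNINSTALL_RE.search(ev.target):
        hits.append("installed_software_enum")
    if ev.kind == "file" and WALLET_RE.search(ev.target):
        hits.append("crypto_wallet_access")
    if ev.kind == "net" and host_of(ev.target) == C2_HOST:
        # Exact check-in path is a strong match; any other path on the C2
        # host is still worth flagging (payload or module download).
        hits.append("stealc_c2_contact" if ev.target.endswith(C2_PATH) else "stealc_c2_host")
    return hits


def scan(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each triggered signature to the targets that triggered it."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:          # skip malformed or non-event lines
            continue
        for sig in classify(ev):
            findings.setdefault(sig, []).append(ev.target)
    return findings


# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    r"1234 reg QueryValue HKCU\Control Panel\International\Geo\Nation",
    r"1234 reg EnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1234 file ReadFile C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"1234 net POST http://46.8.231.109/c4754d4f680ead72.php",
    r"1234 net GET http://46.8.231.109/update.bin",
    r"1234 file ReadFile C:\Windows\System32\kernel32.dll",
    "not an event line",
]

if __name__ == "__main__":
    print("C2 check-in URL:", c2_url())
    for sig, targets in scan(SAMPLE_EVENTS).items():
        print(f"{sig}: {targets}")
```

The benign kernel32.dll read and the malformed line produce no findings, which is the behaviour you want before pointing this at a real event dump; tune the wallet and registry patterns to the log source you actually have rather than trusting the assumed paths above.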