General
-
Target
5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
-
Size
2.4MB
-
Sample
240701-e1zebawdrf
-
MD5
b20d1e84ee4932c0d7a1d271a2c68436
-
SHA1
a0665e1a3f7f678aef6507c4cfc258e8aae5c261
-
SHA256
5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
-
SHA512
c063a804c17f80908c564696e44710f916257c7c3ad55f11c86e76aaa92000f09a356e56d78f1b59f174190c6c5465c7eda759303ddd320cf32b02a84d517d17
-
SSDEEP
49152:eTblBDqbYpQvG9NZwcpyx6mRCpbf6/UGmt1wBhgS7YLs/r0KaUJ25i:KblhqbYqv4NKcplm2usGGwBX8LsoKaCB
Static task
static1
Behavioral task
behavioral1
Sample
5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
stealc
default
http://85.28.47.4
-
url_path
/920475a59bac849d.php
Targets
-
-
Target
5ac4e25d430c304c15c9d83bbb5dbef0d290cb5e517bbf92899ddb63fde1e43f
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-