General
-
Target
Moist.exe
-
Size
814KB
-
Sample
200920-kmqkn73m3x
-
MD5
f855dffcbd21d4e4a59eed5a7a392af9
-
SHA1
178dc356191ebca6bf294525183212ac2e5a0bd8
-
SHA256
e44277fe9e90ba3107391676ad548812f33749da46db34ea877b1d6cdfb48d1b
-
SHA512
0a08d1242a13c85f0f88ef54b77400da1a5c20570163635274ab9f63514e4b8b46a912dab28e3cc8a25963e39ade97b6310437587475893ff4935b4819c8ffbc
Static task
static1
Behavioral task
behavioral1
Sample
Moist.exe
Resource
win7
Malware Config
Targets
-
-
Target
Moist.exe
-
Size
814KB
-
MD5
f855dffcbd21d4e4a59eed5a7a392af9
-
SHA1
178dc356191ebca6bf294525183212ac2e5a0bd8
-
SHA256
e44277fe9e90ba3107391676ad548812f33749da46db34ea877b1d6cdfb48d1b
-
SHA512
0a08d1242a13c85f0f88ef54b77400da1a5c20570163635274ab9f63514e4b8b46a912dab28e3cc8a25963e39ade97b6310437587475893ff4935b4819c8ffbc
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-