General
Target: 5543.exe
Size: 2.8MB
Sample: 210122-w23rdmasrx
MD5: 3667e43d85130fb90d07e4a725fe7b4a
SHA1: 711dd470697df3e34ebcbf481ccc9852ac659bbe
SHA256: 0beaf24e3a5b13f73b8ef67db0a52815b4948cbceea9a0e5159cfedd7ebb7462
SHA512: 2ac9bed721e20b8a352ad41766b1b0eb79413b91d555bf942aaa6b66b47ef04f08a6594bbce649af95c09d7e1352a73db5120b8509a553b006544cdd7fb683db
Static task: static1
Behavioral task: behavioral1
Sample: 5543.exe
Resource: win7v20201028
Malware Config
Targets
Target
5543.exe
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.