General
Target: fb005014a98cb603229174d78c0d4045.exe
Size: 830KB
Sample: 210506-5kw7ysdeb2
MD5: fb005014a98cb603229174d78c0d4045
SHA1: cf033f3a3cb55df35d95acd8f00f7e076c2bcc0f
SHA256: c97b731d2d70f964dbe2775fcf0fd7cf0d7ff68a0fdb31c3038a9c97ca4da6b4
SHA512: b41087944c5077a3f283ef253e379c6bf2448a3739ea2fa63503c95d8ee6b770ce42ad7dfe9aaca6332d1b418e923b7f24c937056e95e6685a8462818cf9125d
Static task: static1
Behavioral task: behavioral1
  Sample: fb005014a98cb603229174d78c0d4045.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: fb005014a98cb603229174d78c0d4045.exe
  Resource: win10v20210410
Malware Config
Targets
Target: fb005014a98cb603229174d78c0d4045.exe
Size: 830KB
MD5: fb005014a98cb603229174d78c0d4045
SHA1: cf033f3a3cb55df35d95acd8f00f7e076c2bcc0f
SHA256: c97b731d2d70f964dbe2775fcf0fd7cf0d7ff68a0fdb31c3038a9c97ca4da6b4
SHA512: b41087944c5077a3f283ef253e379c6bf2448a3739ea2fa63503c95d8ee6b770ce42ad7dfe9aaca6332d1b418e923b7f24c937056e95e6685a8462818cf9125d
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.