General
- Target: e00d79d79815ef47cf0d5ec5f3e76656.exe
- Size: 830KB
- Sample: 210506-6jcrkxmxyj
- MD5: e00d79d79815ef47cf0d5ec5f3e76656
- SHA1: 79efabc933ddf9406da1a761d60bfe453a930a06
- SHA256: 6e8dafc9ac2e48e6b42dd15ce4c49d0dc0a83e6ca93fafeec8b87244ec05dea0
- SHA512: ce6983ff7ec3e3dd0ccb53ce93e8a3f8164da2d919defdf44d5ef6f7faab6ace375a58846e29836743018a8a9ff8917fc05e9d277b2aeead577b9aad33b20652
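Before spending time on a report, an analyst should confirm that the file on disk is the one the report describes. The script below is an added example, not part of the sandbox report or its tooling: it streams a file once through all four digests listed above, compares them with the values from the General section, and separately notes whether the file name follows the sandbox convention of naming the submission after its MD5 (a convention, not evidence). The size check is deliberately loose because the report rounds to kilobytes; the path on the command line is whatever you point it at.

```python
"""Verify that a local file matches the hashes listed in the report's General section."""
import hashlib
import io
import json
import os
import sys

# Expected values copied from the report's General section.
REPORT_HASHES = {
    "md5": "e00d79d79815ef47cf0d5ec5f3e76656",
    "sha1": "79efabc933ddf9406da1a761d60bfe453a930a06",
    "sha256": "6e8dafc9ac2e48e6b42dd15ce4c49d0dc0a83e6ca93fafeec8b87244ec05dea0",
    "sha512": "ce6983ff7ec3e3dd0ccb53ce93e8a3f8164da2d919defdf44d5ef6f7faab6ace"
              "375a58846e29836743018a8a9ff8917fc05e9d277b2aeead577b9aad33b20652",
}
REPORT_SIZE_KB = 830  # the report gives a rounded size only, so treat it as approximate


def digest_stream(stream, chunk_size=1 << 20):
    """Single pass over a binary stream; returns (byte_count, {algorithm: hexdigest})."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def compare(digests, expected=REPORT_HASHES):
    """Per-algorithm match map; the sample is only confirmed when every algorithm matches."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verify_sample(path, expected=REPORT_HASHES):
    with open(path, "rb") as f:
        size, digests = digest_stream(f)
    matches = compare(digests, expected)
    stem = os.path.splitext(os.path.basename(path))[0].lower()
    return {
        "size_bytes": size,
        # rounding to KB is an assumption about how the report derived "830KB"
        "size_roughly_as_reported": round(size / 1024) == REPORT_SIZE_KB,
        "digests": digests,
        "matches": matches,
        "all_match": all(matches.values()),
        "filename_is_md5": stem == digests["md5"],
    }


if __name__ == "__main__":
    print(json.dumps(verify_sample(sys.argv[1]), indent=2))
```

A mismatch in a single algorithm is enough to reject the file: a truncated download or a repacked build will fail SHA256 and SHA512 even when the file name still carries the original MD5.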
Static task
- static1
Behavioral task
- behavioral1: sample e00d79d79815ef47cf0d5ec5f3e76656.exe, resource win7v20210408
- behavioral2: sample e00d79d79815ef47cf0d5ec5f3e76656.exe, resource win10v20210410
Malware Config
Targets
- Target: e00d79d79815ef47cf0d5ec5f3e76656.exe (830KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Suspicious use of NtCreateProcessExOtherParentProcess: creates a process whose recorded parent is a different process from the caller (parent process spoofing).
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
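The signature names above are the sandbox's verdicts, not the raw evidence. To show what each one keys on, here is an added example (my own code, not the sandbox's signature engine) that re-derives the same names from a simplified, Sysmon-like event trace. The trace, every path, host and registry value in it, and the `creator_image` field used to model parent spoofing are constructed for this example and are not taken from the report's actual execution data; the IP-lookup host list and wallet path markers are small starting allow-lists, not the sandbox's.

```python
"""Re-derive the report's behavioural signatures from a simplified event trace."""
import re

# Constructed sample trace (illustrative; not the sandbox's real trace for this sample).
SAMPLE = r"C:\Users\victim\e00d79d79815ef47cf0d5ec5f3e76656.exe"
DROPPED = r"C:\Users\victim\AppData\Roaming\svchost32.exe"  # assumed dropped-file name
EVENTS = [
    {"type": "registry_query", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "network", "host": "api.ipify.org"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "data": 1},
    {"type": "file_write", "path": DROPPED, "image": SAMPLE},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32", "data": DROPPED},
    # creator_image = process that called the create-process API; parent_image = parent
    # recorded on the new process. They differ when the parent has been spoofed.
    {"type": "process_create", "image": DROPPED, "parent_image": r"C:\Windows\explorer.exe", "creator_image": SAMPLE},
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts", "image": SAMPLE},
    {"type": "file_read", "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "image": SAMPLE},
]

# Starting allow-lists for the two name-based signatures; extend for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org",
                   "icanhazip.com", "ipinfo.io", "ifconfig.me"}
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\keystore", "wallet.dat")

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
DRIVERS_DIR = re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)


def triage(events):
    """Return the report-style signature names the trace triggers, in first-hit order."""
    hits = []
    written = set()  # paths the sample wrote, correlated with later process creation

    def add(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        kind = ev["type"]
        if kind == "registry_set":
            key = ev["key"]
            # DisableTaskMgr=1 under Policies\System is the Task Manager lock-out switch
            if key.lower().endswith("\\disabletaskmgr") and str(ev.get("data")) == "1":
                add("Disables Task Manager via registry modification")
            elif RUN_KEY.search(key):
                add("Adds Run key to start application")
        elif kind == "registry_query" and UNINSTALL_KEY.search(ev["key"]):
            add("Checks installed software on the system")
        elif kind == "network" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            add("Looks up external IP address via web service")
        elif kind == "file_write":
            written.add(ev["path"].lower())
            if DRIVERS_DIR.match(ev["path"]):
                add("Drops file in Drivers directory")
        elif kind == "file_read" and any(m in ev["path"].lower() for m in WALLET_MARKERS):
            add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif kind == "process_create":
            if ev["image"].lower() in written:
                add("Executes dropped EXE")
            creator = ev.get("creator_image")
            if creator and creator.lower() != ev["parent_image"].lower():
                add("Suspicious use of NtCreateProcessExOtherParentProcess")
    return hits


if __name__ == "__main__":
    for sig in triage(EVENTS):
        print("-", sig)
```

The "Executes dropped EXE" rule is the one worth copying into real detection logic: it is a correlation across two events (a write, then a process start from the same path), which is far harder for a sample to avoid than any single registry or path match.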