General
-
Target
123.dll
-
Size
244KB
-
Sample
210721-x52g6e63m6
-
MD5
24190cd699631d16521dfb588b2571a3
-
SHA1
546a86929e82babd0ee6f970d7729e3bf6a14698
-
SHA256
99c4b9083ed613bc38904eec3e37d24d3ca092067ee54e373cc3c8d6339857a6
-
SHA512
fd3123ababc536c2530785d52b3323c1250da0d41e18574ee2877013c6ac033f08157e1221cb3b01d971a3e214eba19bbcc4d29b3ea482cc52b433ecb6eacb21
Static task
static1
Behavioral task
behavioral1
Sample
123.dll
Resource
win7v20210410
Behavioral task
behavioral2
Sample
123.dll
Resource
win10v20210410
Malware Config
Extracted
hancitor
1907_hjfsd
http://thervidolown.com/8/forum.php
http://wiltuslads.ru/8/forum.php
http://anithedtatione.ru/8/forum.php
Extracted
fickerstealer
pospvisis.com:80
Targets
-
-
Target
123.dll
-
Size
244KB
-
MD5
24190cd699631d16521dfb588b2571a3
-
SHA1
546a86929e82babd0ee6f970d7729e3bf6a14698
-
SHA256
99c4b9083ed613bc38904eec3e37d24d3ca092067ee54e373cc3c8d6339857a6
-
SHA512
fd3123ababc536c2530785d52b3323c1250da0d41e18574ee2877013c6ac033f08157e1221cb3b01d971a3e214eba19bbcc4d29b3ea482cc52b433ecb6eacb21
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-