General
Target: 9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315
Size: 451KB
Sample: 220215-jj9k6sdgfj
MD5: 5e42414beb8222e215ce7566d94cd1aa
SHA1: 6fa0f535080658b9eb1b361c42a631f0493c767c
SHA256: 9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315
SHA512: b5120f8d0a935401b27c37a6703f28ed64f941d94834e5b84d380dc5a91a2f30cc739cae95b806367d0e1b0b934a38f6e15e1c85977a657def2670bfd4359df3
Static task: static1
Behavioral task: behavioral1
Sample: 9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315.exe
Resource: win7-en-20211208
Malware Config
Extracted
cryptbot
kelnob72.top
morwex07.top
payload_url: http://butfwo19.top/download.php?file=balkis.exe
Targets
Target: 9de7a0cbfc22bd31dd9ad8783b39e5bc0bdb9ce2f70e232252559474f9192315
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.