General

  • Target

    f234b6d1801e1d4105de18a74ecd99f64cbdd7c47d6079bb2994d38ed7b0de44.bin

  • Size

    120KB

  • Sample

    220216-n7n2labfd7

  • MD5

    b3fc46850b5a965b6c042fdb9b8a928d

  • SHA1

    48de02bb71a3434675d767114692c2741e374fd9

  • SHA256

    f234b6d1801e1d4105de18a74ecd99f64cbdd7c47d6079bb2994d38ed7b0de44

  • SHA512

    905cb59bd5d0e0f7d523e50c16b804c23d000d6d501b84abecc13e2d79f40879f9e4455dd969e25d33cc493d041b985cebccaa332704839f2170459539c8d7ee

Score
10/10

Malware Config

Extracted

Family

allcome

C2

http://dba692117be7b6d3480fe5220fdd58b38bf.xyz/exp.php?usr=ssska

Wallets

rGWRCDTnxm6PbeTquXpfGaJUCdJPQa9YCU

THd43QUSXYv3uuHuvg1TtnDx1LZghcxoEW

GCQ3W4M3FC7JQ7XS5QVUFJATPPRP7XOBJOBCQLQVHG5WHISN4HKJRZZG

47hVDokEdB8HbH7eKR7DLgeDXm7m6q3JmWRzBAgNq5jHEZecWrdzp1sTE1EXRU5rAj2roRSYnzvTxaxq4nDdVdGdTQAsH1y

qq6qmn7hewgsnesl2xjh7vjqf2cg2ysdhusx5jjygs

bc1qqpuu63gd8v87yvkjw6zgwr7u5plx5hs5z4khje

0xfaCC30908F531Badecb2e8B21E182520484Fb66B

Ldh6yphmCg3gLkigDchATQN9Wbj7K6Zdzy

Targets

    • Allcome

      A clipboard hijacker ("clipbanker"): it watches the clipboard for cryptocurrency wallet addresses and payment details and silently replaces them with the attacker-controlled addresses listed in the extracted config above, so a victim who copies and pastes a destination address ends up paying the attacker.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.
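The following is an added worked example, not code from the sample or from the sandbox: it shows how the wallet list in the extracted config above turns into a per-currency swap table, what a clipbanker of the kind described does to clipboard text, and the check a defender (or a wallet UI) can run to detect the swap. The wallet strings are the ones on this page; the currency labels and the address-format regexes are this example's own assumptions based on the public address formats, and the "victim" addresses in the sample clipboard text are constructed for the demonstration.

```python
"""Clipbanker swap mechanics and a copy-vs-paste tamper check.

Added example. ALLCOME_WALLETS is copied from the extracted config on this
page; everything else (currency labels, regexes, sample clipboard text) is an
assumption made for the demonstration, not output of the sandbox.
"""
import re

# Replacement wallets from the extracted config (copied from the report).
ALLCOME_WALLETS = [
    "rGWRCDTnxm6PbeTquXpfGaJUCdJPQa9YCU",
    "THd43QUSXYv3uuHuvg1TtnDx1LZghcxoEW",
    "GCQ3W4M3FC7JQ7XS5QVUFJATPPRP7XOBJOBCQLQVHG5WHISN4HKJRZZG",
    "47hVDokEdB8HbH7eKR7DLgeDXm7m6q3JmWRzBAgNq5jHEZecWrdzp1sTE1EXRU5rAj2roRSYnzvTxaxq4nDdVdGdTQAsH1y",
    "qq6qmn7hewgsnesl2xjh7vjqf2cg2ysdhusx5jjygs",
    "bc1qqpuu63gd8v87yvkjw6zgwr7u5plx5hs5z4khje",
    "0xfaCC30908F531Badecb2e8B21E182520484Fb66B",
    "Ldh6yphmCg3gLkigDchATQN9Wbj7K6Zdzy",
]

# Assumed address formats (public formats, full-token match). The labels are
# this example's inference from the address shape, not data from the report.
BASE58 = r"[1-9A-HJ-NP-Za-km-z]"
ADDRESS_PATTERNS = {
    "BTC_bech32": re.compile(r"bc1[a-z0-9]{39,59}"),
    "BTC_legacy": re.compile(r"[13]" + BASE58 + r"{25,34}"),
    "LTC":        re.compile(r"[LM]" + BASE58 + r"{26,33}"),
    "ETH":        re.compile(r"0x[0-9a-fA-F]{40}"),
    "XMR":        re.compile(r"4" + BASE58 + r"{94}"),
    "XRP":        re.compile(r"r" + BASE58 + r"{24,34}"),
    "TRX":        re.compile(r"T" + BASE58 + r"{33}"),
    "XLM":        re.compile(r"G[A-Z2-7]{55}"),
    "BCH":        re.compile(r"(bitcoincash:)?q[a-z0-9]{41}"),
}

# Tokens are runs of address-safe characters; the colon keeps "bitcoincash:"
# prefixes attached to their address.
TOKEN_RE = re.compile(r"[A-Za-z0-9:]+")


def classify(token):
    """Return the assumed currency label for a whole token, or None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(token):
            return name
    return None


def build_swap_table(wallets):
    """Map each currency the config covers to the attacker's address."""
    table = {}
    for wallet in wallets:
        kind = classify(wallet)
        if kind is None:
            raise ValueError("unrecognised address format: " + wallet)
        table[kind] = wallet
    return table


def hijack_clipboard(text, swap_table):
    """What the clipbanker does: every recognised address whose currency is
    in the swap table is replaced; other text is left byte-for-byte intact,
    which is why victims rarely notice."""
    def replace(match):
        token = match.group(0)
        kind = classify(token)
        return swap_table.get(kind, token) if kind else token
    return TOKEN_RE.sub(replace, text)


def clipboard_tampered(copied, pasted):
    """Defender-side check: compare the address tokens of what was copied
    with what arrived in the paste. Returns [(kind, copied, pasted), ...]."""
    findings = []
    for before, after in zip(TOKEN_RE.findall(copied), TOKEN_RE.findall(pasted)):
        kind = classify(before)
        if kind is not None and before != after:
            findings.append((kind, before, after))
    return findings


# Constructed sample clipboard contents (not real victim data). The bech32
# address is the BIP173 example address; the ETH and legacy BTC ones are
# placeholders chosen only for their format.
SAMPLE_COPIED = (
    "Pay 0.1 BTC to bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq "
    "or ETH to 0x1111111111111111111111111111111111111111"
)
SAMPLE_LEGACY = "Refund to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa please"


def demo():
    """Run the swap over the constructed samples and report what changed."""
    table = build_swap_table(ALLCOME_WALLETS)
    pasted = hijack_clipboard(SAMPLE_COPIED, table)
    # Legacy (1...) BTC is not in this config, so that text passes untouched.
    legacy = hijack_clipboard(SAMPLE_LEGACY, table)
    return table, pasted, clipboard_tampered(SAMPLE_COPIED, pasted), legacy


if __name__ == "__main__":
    table, pasted, findings, legacy = demo()
    for kind, address in sorted(table.items()):
        print(f"{kind:11s} {address}")
    print("pasted:", pasted)
    for kind, before, after in findings:
        print(f"SWAPPED {kind}: {before} -> {after}")
    print("legacy BTC untouched:", legacy == SAMPLE_LEGACY)
```

The swap table doubles as a hunting list: any outbound transaction, ticket or log line containing one of those eight strings is a strong indicator that a host running this sample altered a payment, and the untouched legacy-BTC case shows why a defender should not assume every currency is covered by one config.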

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      ID     Hits
  Execution             Scheduled Task                 T1053  1
  Persistence           Scheduled Task                 T1053  1
  Privilege Escalation  Scheduled Task                 T1053  1
  Discovery             Query Registry                 T1012  1
  Discovery             System Information Discovery   T1082  2
