General
Target: ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.bin
Size: 2.2MB
Sample: 220301-wt6cqacfer
MD5: afc947b8654fcfbb2d103b0ac29f6c9e
SHA1: 0f09a1b78ed6f12d767aad515516637cb0b2b0cc
SHA256: ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22
SHA512: 63bb86c6766f6c34e26d68c73b8d526ca94334375c3986ab81587515c7ac07dac1e12b1c2ab3be9a48e9fbb7009e35bd18d3285974fbb47db5cf1544236e3f3c
Static task: static1
Behavioral task: behavioral1
Sample: ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.exe
Resource: win7-en-20211208
Malware Config
Extracted: 44caliber
https://discord.com/api/webhooks/839168546582954067/texAC9z_H7M0ROD6-MdvYy3D-z8YyP9fYGPhFfDYeop5TtilvsKNxw5QrTXStp-JwQ9R
Targets
Target: ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.bin
Size: 2.2MB
MD5: afc947b8654fcfbb2d103b0ac29f6c9e
SHA1: 0f09a1b78ed6f12d767aad515516637cb0b2b0cc
SHA256: ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22
SHA512: 63bb86c6766f6c34e26d68c73b8d526ca94334375c3986ab81587515c7ac07dac1e12b1c2ab3be9a48e9fbb7009e35bd18d3285974fbb47db5cf1544236e3f3c
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.