General
-
Target
Neon.exe
-
Size
274KB
-
Sample
220314-rxx4asaeam
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Static task
static1
Behavioral task
behavioral1
Sample
Neon.exe
Resource
win7-20220311-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/952308393677291551/Kwqtw7eOhhDiE0L0w2X3Hwo9TDPq265Rqw2_8lcfVw_arvjLeTNzn4AG-J-I4NctgVFh
Targets
-
-
Target
Neon.exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-