General
-
Target
working_attack.7z
-
Size
925KB
-
Sample
230115-by7fcscb6w
-
MD5
79c2ac9fb282708c97b2622b1dcf8428
-
SHA1
bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7
-
SHA256
db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f
-
SHA512
2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f
-
SSDEEP
24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8
Static task
static1
Behavioral task
behavioral1
Sample
working_attack.7z
Resource
win7-20221111-es
Malware Config
Targets
-
-
Target
working_attack.7z
-
Size
925KB
-
MD5
79c2ac9fb282708c97b2622b1dcf8428
-
SHA1
bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7
-
SHA256
db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f
-
SHA512
2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f
-
SSDEEP
24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-