General
Target: tviewplus-main.zip
Size: 7.1MB
Sample: 230124-y6aspadf27
MD5: 10fe158559700256f2f4291edd5290c6
SHA1: 6694db684af6dd201439a9819932f1002d1fa5e9
SHA256: bcb3e8afb89fb561c98bd0bb0e26f63d9b664e546eb4aa37cb806443e406f6d6
SHA512: dad7c782168532505bde703bdcd511f74709d0d6b1380ebc96318d8093bfcce3098a3671328c4e7c189de7c28bf4774416d26d07c34cc4f5e77e3ea873a8cf46
SSDEEP: 196608:WPokJE1hVn0CfiVB3o6xY8icdCyjfjjfEt:WPoT1hVnDABO8iWCyjf0t
Static task: static1
Behavioral task: behavioral1
Sample: tviewplus-main/Tradingview_Plus.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: tviewplus-main/Tradingview_Plus.exe
Size: 11.9MB
MD5: 397a3e87be96b562e99905a218a8c73e
SHA1: 745d869a66f44825fdb0acfe200733fc017236c9
SHA256: b8dfa620add678322d2d1bcb7ca60d88ed3f78f949e54fa47de716404d1ccd53
SHA512: 7c19e7308a2457eee51c3863a05e9140bbc6481a8fcf8cbb32279860efc4586c3a94bd35cbed5ae18f754399935123ea87a24f948c260c110595796bbf7f5551
SSDEEP: 98304:3Vpe19iPDFxl5Pmya/NtCIBzEtmza3xtYMuqjqK0ArI1j0SiFjVt6o10GOAvyN6Z:Fp0CBof/BBamza3xGqmkgjkAzwy0
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting