General
-
Target
StellarImpact.zip
-
Size
97.2MB
-
Sample
230125-q3hecsge76
-
MD5
5d9f5c85000581a107cff8b8eea3962a
-
SHA1
a9699e858e5f1419460e81178ecbd7073e5760f9
-
SHA256
5bbe111d51daae6e765db9073044e5e0efc29c7ae3d2417018c0dd93d7b15259
-
SHA512
fa57f8e50fb7423583b1c759633de8c64fe94540cb44ee8b65fcfa47b7606b6b77fbd7a8b7b89fdd83eb426d58e4253fad5ffe5e54078cd83a865835704563fb
-
SSDEEP
1572864:PS3cAxpOuBUPQRjDd10AqtzA+FfK3SRuzAxExNSZuXze6t1NHDpgW7TFRkm:PSP+PQFA1u+Ff/ShjSZuj/fNHDpg8Tkm
Static task
static1
Behavioral task
behavioral1
Sample
StellarImpact.zip
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
StellarImpact.zip
Resource
win7-20221111-en
Behavioral task
behavioral3
Sample
StellarImpact.zip
Resource
win10v2004-20221111-en
Malware Config
Extracted
aurora
45.15.156.206:8081
Targets
-
-
Target
StellarImpact.zip
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-