General
- Target: theif.exe
- Size: 20.9MB
- Sample: 230204-xxrjeaec38
- MD5: 60b946877ef1b74c508aa163c442162c
- SHA1: 1971af2feec5c2c26ec60c5c9a8d600d8c41ac71
- SHA256: fbc7270e46dccaae9cc0c07441d5c5248463e237845a8334241147182b2f618c
- SHA512: 9b6f3ab377e743122c80dd84fb146a28fe87b1bd21cd7475839ca32b558b8c05b967d273f78fb311a63016c7b58ad9062d196702aca747632daaea84de17f57e
- SSDEEP: 393216:VhoVRsiaZS9dM/ISWdQ2lH/m3pI+9J5eX/H4i5/Z4JH3qXeSI:VhoHsiakT6ISWdQ0KX9J5eX/Y/a
Behavioral task: behavioral1
- Sample: theif.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: theif.exe
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
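The two behaviours flagged above, the wallet-file access and the external IP lookup, are the kind of signatures a sandbox derives from file and network events. The script below is an added example of how such rules are implemented; it is not code from the sandbox, the report, or the sample. The IP-lookup hostnames, the wallet path patterns and the event records are assumptions constructed for the demonstration, not data taken from this analysis.

```python
"""Minimal re-implementation of two of the behavioural signatures listed above.

Added example, not code from the sandbox or the report. The indicator lists and
the event records are assumptions constructed for the demonstration.
"""
import re
from urllib.parse import urlparse

# Assumed hostnames of public "what is my IP" services (not from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "ipinfo.io",
    "ip-api.com",
    "icanhazip.com",
    "checkip.amazonaws.com",
    "checkip.dyndns.org",
    "ifconfig.me",
}

# Assumed on-disk locations of common desktop wallets under a Windows profile.
WALLET_PATH_PATTERNS = [
    re.compile(r"\\AppData\\Roaming\\Electrum\\wallets\\", re.IGNORECASE),
    re.compile(r"\\AppData\\Roaming\\Exodus\\exodus\.wallet\\", re.IGNORECASE),
    re.compile(r"\\AppData\\Roaming\\Bitcoin\\wallet\.dat$", re.IGNORECASE),
    re.compile(r"\\AppData\\Roaming\\Ethereum\\keystore\\", re.IGNORECASE),
    re.compile(r"\\AppData\\Local\\Coinomi\\Coinomi\\wallets\\", re.IGNORECASE),
]

# Constructed sandbox events in a simplified record format (not real sandbox output).
SAMPLE_EVENTS = [
    {"pid": 1234, "kind": "file_read",
     "path": r"C:\Users\admin\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 1234, "kind": "file_read",
     "path": r"C:\Users\admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 1234, "kind": "file_read",
     "path": r"C:\Users\admin\Documents\notes.txt"},
    {"pid": 1234, "kind": "http_request", "url": "https://api.ipify.org/?format=json"},
    {"pid": 1234, "kind": "http_request", "url": "https://www.microsoft.com/"},
    {"pid": 5678, "kind": "http_request", "url": "http://IP-API.com/json/"},
]


def sig_ip_lookup(events):
    """Return (pid, host) for each HTTP request to a known IP lookup service."""
    hits = []
    for ev in events:
        if ev.get("kind") != "http_request":
            continue
        # urlparse normalises the host to lower case; lower() again for safety.
        host = (urlparse(ev["url"]).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append((ev["pid"], host))
    return hits


def sig_wallet_access(events):
    """Return (pid, path) for each file access that lands in a wallet location."""
    hits = []
    for ev in events:
        if ev.get("kind") not in {"file_read", "file_open", "file_copy"}:
            continue
        path = ev["path"]
        if any(p.search(path) for p in WALLET_PATH_PATTERNS):
            hits.append((ev["pid"], path))
    return hits


def evaluate(events):
    """Map each signature name to its evidence; signatures with no hits are omitted."""
    report = {}
    ip_hits = sig_ip_lookup(events)
    if ip_hits:
        report["Looks up external IP address via web service"] = ip_hits
    wallet_hits = sig_wallet_access(events)
    if wallet_hits:
        report["Accesses cryptocurrency files/wallets, possible credential harvesting"] = wallet_hits
    return report


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(name)
        for pid, item in evidence:
            print(f"  pid {pid}: {item}")
```

The IP-lookup rule matches on the request hostname rather than the full URL so that query strings and path variants still trigger it; the wallet rule matches on directory prefixes so that any file inside the wallet store counts, not only a fixed filename. Both rules report the process ID with each hit so that an analyst can tie the behaviour back to the specific process in the sandbox tree.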