General

Target: MYPHOTOS.exe
Size: 15.9MB
Sample: 230206-2c3hdsgb79
MD5: 35151bb08a3f6e507e4a325f0d5247dd
SHA1: 91e7dabbe04e8fbf8656be4c31d31d10696fcc8b
SHA256: b4e3d9e3ee96e82f2cc91f9aebb3a5503e9e6bfe4f1487a3f9e7ef256570ffbe
SHA512: e28b2dbca67069727b8b760de1657255c0da9b6be74492d04217a4f1337657192ff0006fcc1824f8b024654a24122f6892d560b4a8ccc0765cc7572453edc9b5
SSDEEP: 196608:Jlapsb2FYXSRUTuNAPqZcrG1IniBEj+9wf6JM75:J
Static task: static1
Behavioral task: behavioral1
Sample: MYPHOTOS.exe
Resource: win7-20220901-en
Malware Config
Targets

Target: MYPHOTOS.exe
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext