General
Target: 8fef3a062676cda862c7a3281f7c672f.exe
Size: 29.5MB
Sample: 230213-lyc7macd83
MD5: 8fef3a062676cda862c7a3281f7c672f
SHA1: ec2d8e9278fb366d338f7c94d601f51c1db2e3a5
SHA256: 9d2321341dc5804543514a81cab9aac8dbc52466c77bad98a3835819cb9d9c7d
SHA512: 6f05faeb7dc04ee8adb2fa49cc4dfc0358edd2653a15600609826526fa352107df7cdd333141fcfc4c33c2b6cae087fe6ef44d48887add0b3fd3032ba6215c01
SSDEEP: 786432:uZuA/ghq/LEGnD351tC9Tv55/DEhSslNRb6tg4dg9TqnQ:uz/g0N1kz55/0Sslveddg9UQ
Static task: static1
Behavioral task: behavioral1
  Sample: 8fef3a062676cda862c7a3281f7c672f.exe
  Resource: win7-20220812-en
Malware Config
Extracted: aurora (185.106.93.247:8081)
Targets
Target: 8fef3a062676cda862c7a3281f7c672f.exe
- Babadeda Crypter
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.