General

- Target: innosetup-6.2.1.exe
- Size: 7.4MB
- Sample: 230226-lerkxage45
- MD5: 5253a5a1631e8dfec0d91393656071c8
- SHA1: 13db3be759b3d1746f08c7e40a64e06b840d5fb9
- SHA256: 40a3561b321f01b715274144fb75d79e4d3437cf10dcee86818b9a02f8849d20
- SHA512: 42d1591f7106e61ed3892e377e4b265cafc14c28fb3c61fa4578b6d5c2d78ad3a840c9a9c1436f2c23e9200df38b1084a7088ca62bb3265122e52db0dea61dc1
- SSDEEP: 24576:x94s6V9vqyQT0iAw7vyc6CD8aH465hV27+TYF5otaz4ihmfg0dGRX8N1f+2b39Yh:x9h6V9vq/AwryFCJCh1z1

Static task: static1

Behavioral task: behavioral1
- Sample: innosetup-6.2.1.exe
- Resource: win7-20230220-en

Malware Config

Extracted: aurora
- 94.142.138.71:8081
Targets

- Target: innosetup-6.2.1.exe
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext