General
-
Target
C4Loader.rar
-
Size
130KB
-
Sample
230310-1pxl8sfd83
-
MD5
931ddbdafed0212e3b1da2460907950c
-
SHA1
57d23f7f836befc775cc3f790115b65a503d158a
-
SHA256
c4d92f2b4fe82c7eca69558a5e62e270e0486ce0fcffe51aa72ed2ed104cb7e8
-
SHA512
a8e9cf280ebf4070f3d7133c9eb63929da81e98de8fc2be0b90e0d1e58204406b4cbe7b6a92a99e5417434d39f3fc2b791bc4a749989d0c4955f6346cf5f8c4d
-
SSDEEP
3072:krhy/OohnJqAvej6Svh6m2aBg6gwFTbFwLyTh2ShCCpqC:ihMhnUj6SMyBg6gwH80hI4
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20230220-en
Malware Config
Extracted
aurora
107.182.129.73:8081
Targets
-
-
Target
C4Loader.exe
-
Size
687.8MB
-
MD5
66a41bcddbef0ad226adda334fc38ae6
-
SHA1
3128d77a2d71d1fc520d302f2d6a12f0c3c47a09
-
SHA256
36f02f949c036b047e57b6319d246805a710ad119850988c70b7de96b139658a
-
SHA512
541fcd5bf78329a2ccf2ad722b63bcc749bc357911bcd1a15748774a054713096906835245486e85a4766a6960a4da0cb203cdf22e0a37471745c1a4d17b5dea
-
SSDEEP
3072:ZwiwPz+huH7liXb6QF45A6Nmn0+Q/ycdIwYioOAg0FujDgtNs1bDew:CiEoX2Qm5A10+QacpDAOIs1bDew
-
Modifies security service
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-