General
Target: WWSBot.exe
Size: 307.5MB
Sample: 230327-jl3kmscd26
MD5: 9be38374c8a6d743747494d645dbe76b
SHA1: 123c3a9149b00d50c2b20aada2c6ae9f3cce55e5
SHA256: 9ca89cf3afe2d41cedf5c361a43388d90c6e69ff7625e0209c4b135b2e448d45
SHA512: 29dbda5921deb999010379a996f16f0640de891dc85f36e4175f3ec0dd381bfe8c52da05d42408d4b036427ba8d4c00f79149d25280b4cffc291cdb4e0643727
SSDEEP: 24576:tN+qbmS6e/1ijwnQFpP1CJUmWw5/Ky9YawDZoaZC0gvbm49kLDA5gHdf6sxJwESo:WqbmSL/0wnQX1C3gk+lKbyf/z1
Static task: static1
Behavioral task: behavioral1
Sample: WWSBot.exe
Resource: win7-20230220-en
Malware Config
Extracted
aurora
94.142.138.29:8081
Targets
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext