General
Target: C4Client.exe
Size: 1016KB
Sample: 230329-g1gwdafa48
MD5: 77081f23b31d05de271d128eebceb4bc
SHA1: f06c4dd766c4784d6b513ca9bad819494e726c8b
SHA256: 10b527427042ca32d0683e016e2b5458799363d68bb4ee616b66ffdcd9377585
SHA512: 584db879c3360ec08d5f0e6bf08c87971b17ccf159674874fb5f54207087ef22ca953a9fe660d84c739e49621283ca3919b40735adad14e96eb4951c7dcd4c35
SSDEEP: 3072:0nTjRD5V730BSng7tJr8Khw6pItWgAEqjAxou3e7BNIdOAg0FujDvktlL0BjMwmk:G1V7h2r/hwNWgAEqjAKmkAOECjMwm
Static task: static1
Behavioral task: behavioral1
Sample: C4Client.exe
Resource: win7-20230220-en

Malware Config
Extracted: aurora
107.182.129.73:8081
Targets
Target: C4Client.exe
Size: 1016KB
MD5: 77081f23b31d05de271d128eebceb4bc
SHA1: f06c4dd766c4784d6b513ca9bad819494e726c8b
SHA256: 10b527427042ca32d0683e016e2b5458799363d68bb4ee616b66ffdcd9377585
SHA512: 584db879c3360ec08d5f0e6bf08c87971b17ccf159674874fb5f54207087ef22ca953a9fe660d84c739e49621283ca3919b40735adad14e96eb4951c7dcd4c35
SSDEEP: 3072:0nTjRD5V730BSng7tJr8Khw6pItWgAEqjAxou3e7BNIdOAg0FujDvktlL0BjMwmk:G1V7h2r/hwNWgAEqjAKmkAOECjMwm

Signatures
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext