General
Target: Handler.exe
Size: 14.0MB
Sample: 230331-ydr69sch38
MD5: e49220d87ac77b34c560a104aab93029
SHA1: 5fee0d29cf13f57d25630aafc1a4bb618217908a
SHA256: f894747a8304c97231ab8daa14042c3b6e0cbcaa663ec1ccf368e8578cee703f
SHA512: 701bd886ffc820105b3e852d22ec7cd6c686ce11501580950ee7b0f2cde6c31c88ecccd67947a4946ed0f3194e23ba488f60619b0e8e45acd3192671162a73eb
SSDEEP: 393216:q0XUEdQuslN/m3pqq96voWOv+9fIWBJHsJmF3zvHO:/dQu4KhQvorvSQ06mFDvu

Behavioral task
behavioral1
Sample: Handler.exe
Resource: win7-20230220-en

Malware Config

Targets
Target: Handler.exe
Size: 14.0MB
MD5: e49220d87ac77b34c560a104aab93029
SHA1: 5fee0d29cf13f57d25630aafc1a4bb618217908a
SHA256: f894747a8304c97231ab8daa14042c3b6e0cbcaa663ec1ccf368e8578cee703f
SHA512: 701bd886ffc820105b3e852d22ec7cd6c686ce11501580950ee7b0f2cde6c31c88ecccd67947a4946ed0f3194e23ba488f60619b0e8e45acd3192671162a73eb
SSDEEP: 393216:q0XUEdQuslN/m3pqq96voWOv+9fIWBJHsJmF3zvHO:/dQu4KhQvorvSQ06mFDvu

- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.