General
Target: C4Launcher.rar
Size: 106KB
Sample: 230403-wvzxbsab6v
MD5: e541c3973dcfdf5c1913f945ac7e806b
SHA1: 89f2f2fa085476d53196a9873259c184bc1713b3
SHA256: 1b73240f522c59e275e524dac1aec41bd06a9aba0a894f90744129da2aa955f9
SHA512: aa25d79208cd7d1dc6755b4b689284dd3a767fd5fb8880a9ffd192820338ef76e9b095b125c7127b4f40d937baba34a29faa534824be9235bcb63be8bb4e824f
SSDEEP: 3072:wAuoFDwVm05agh46fmTrbGNOdTpgzEJxJxw1GsGdJDfyQB7:wcDYzah6fOrbGNORpbtxw1UPXR

Static task: static1
Behavioral task: behavioral1
Sample: C4Launcher.exe
Resource: win7-20230220-en

Malware Config
Extracted: aurora
107.182.129.73:8081

Targets
Target: C4Launcher.exe
Size: 855KB
MD5: 18014fc649434b87bc636b177c3681fa
SHA1: 7b021861b19aa3f9d8ee155b0b7b7393e1e09b61
SHA256: 5602954abc2dc945783dcba2d749d801f88f790fca8b3eeef99ca493a2a2763b
SHA512: 46535652f7559da293c5e9e5c03d48d8417dea6e4d1012a67bae1b0da45c6c5ad76ea0d17968b87c6fbd3963b7708640136f8477ff69a867a3aeb4fd3b0dcd38
SSDEEP: 3072:NBAN1gjFgmYSg25SYDGFHUNR1ZvhfKEaO7j9fDgjMKs:4egmLgmCeNXfPJDQMKs

- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext