77a61e6ed342066b18f2ece8fbf1aaf2dfafae4f564646c8b9e839789781f8ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KodTheDavinchi.exe
Size

312KB
Sample

230419-mf2b6sbg4x
MD5

f1e2f83a7d05916f67a8448613eaa08e
SHA1

bff6b32e9ab5cc776290749e7c904cd7e7364c4f
SHA256

77a61e6ed342066b18f2ece8fbf1aaf2dfafae4f564646c8b9e839789781f8ee
SHA512

fc86072c2fa57e7c7ce665451dbfa1b038410d566e312cc55a6f83502135253b6a03c0742b63cb415895176c335d9a73ba4a947c0099c0305f83ad369ff5393c
SSDEEP

6144:PkVfsqTfm3doynWm2ENVVUmKMW+7KQgNHY3GOn:PkxsSf+FnWm2EDV/d7KZNHa

Score

6^/10

spyware

Malware Config

Targets

- Target
  
  KodTheDavinchi.exe
- Size
  
  312KB
- MD5
  
  f1e2f83a7d05916f67a8448613eaa08e
- SHA1
  
  bff6b32e9ab5cc776290749e7c904cd7e7364c4f
- SHA256
  
  77a61e6ed342066b18f2ece8fbf1aaf2dfafae4f564646c8b9e839789781f8ee
- SHA512
  
  fc86072c2fa57e7c7ce665451dbfa1b038410d566e312cc55a6f83502135253b6a03c0742b63cb415895176c335d9a73ba4a947c0099c0305f83ad369ff5393c
- SSDEEP
  
  6144:PkVfsqTfm3doynWm2ENVVUmKMW+7KQgNHY3GOn:PkxsSf+FnWm2EDV/d7KZNHa
Score

6^/10

spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2