General
-
Target
LMAOBOXLOADER.exe
-
Size
22.8MB
-
Sample
230423-l3wjrscf85
-
MD5
93e054f3dcd88d1586bf5b4d81c1c99b
-
SHA1
a4fc76c77d74d1431e5e0028c2ed85587efd89dd
-
SHA256
e488d82815f185b8b1a56010dc91ea4504dd813118815dc2a1d227c303404f2e
-
SHA512
6090818152dce58f089ce4a55464c6b35ce682a8d6cc32e0cafe275e7b07b2c31cca2e257eff517975fc0c37f3ef344d226793a8cbfb1138fe311f8af5a34b83
-
SSDEEP
393216:oT8s1p+KQPruCOYIKcuA8xVFqx/ucqvP6ZVFbY/etbSojLbqEU5Q4NFajz17lXtU:oQ6pwIKjA8xex/uEvblbSo3eV5PNqRpz
Static task
static1
Behavioral task
behavioral1
Sample
LMAOBOXLOADER.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
LMAOBOXLOADER.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1095395235925860562/XJKTcwaCabyMW-BfMqoZcV1Cdz4AG_yTryi6C2h1zfneacs22tdMKRBmOj0nL4Bx8vi0
Targets
-
-
Target
LMAOBOXLOADER.exe
-
Size
22.8MB
-
MD5
93e054f3dcd88d1586bf5b4d81c1c99b
-
SHA1
a4fc76c77d74d1431e5e0028c2ed85587efd89dd
-
SHA256
e488d82815f185b8b1a56010dc91ea4504dd813118815dc2a1d227c303404f2e
-
SHA512
6090818152dce58f089ce4a55464c6b35ce682a8d6cc32e0cafe275e7b07b2c31cca2e257eff517975fc0c37f3ef344d226793a8cbfb1138fe311f8af5a34b83
-
SSDEEP
393216:oT8s1p+KQPruCOYIKcuA8xVFqx/ucqvP6ZVFbY/etbSojLbqEU5Q4NFajz17lXtU:oQ6pwIKjA8xex/uEvblbSo3eV5PNqRpz
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-