General
-
Target
VimWareX.exe
-
Size
76.1MB
-
Sample
230501-e196taed84
-
MD5
10ae3df19d768679de6e98ae5965a524
-
SHA1
13118f6099e621e15fafff9a1211a70330db3b18
-
SHA256
14c90aabd4fcfbe2165d2732dbb4d5e02605f9681da1e5df64b03a6ec34f0f02
-
SHA512
8b1c9cb133bfe5d70b1a815ddaf9d36e334cc431d62c301be1bb1c4b32e2abb1e031562d81c85cba5aa0bb9ca7c046bfb0420addb3f092df29ab3b962bfb066b
-
SSDEEP
1572864:b+zueoOOOOOOcjF4+OOOvuO8OOOOOObOOOOOOcqgmB7e4l2Rn22COhOOuOxhVXQM:b+zueoOOOOOOkF4+OOOvuO8OOOOOObOt
Static task
static1
Behavioral task
behavioral1
Sample
VimWareX.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
VimWareX.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1102415278891073566/bFs73srquzGw2Y27PH91Ad2Fcckd_3vfpq-m7929q1T10l8jQg92iK1E5K6UOKXSr-OZ
Targets
-
-
Target
VimWareX.exe
-
Size
76.1MB
-
MD5
10ae3df19d768679de6e98ae5965a524
-
SHA1
13118f6099e621e15fafff9a1211a70330db3b18
-
SHA256
14c90aabd4fcfbe2165d2732dbb4d5e02605f9681da1e5df64b03a6ec34f0f02
-
SHA512
8b1c9cb133bfe5d70b1a815ddaf9d36e334cc431d62c301be1bb1c4b32e2abb1e031562d81c85cba5aa0bb9ca7c046bfb0420addb3f092df29ab3b962bfb066b
-
SSDEEP
1572864:b+zueoOOOOOOcjF4+OOOvuO8OOOOOObOOOOOOcqgmB7e4l2Rn22COhOOuOxhVXQM:b+zueoOOOOOOkF4+OOOvuO8OOOOOObOt
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-