General
- Target: AppSetupFile14.2.exe
- Size: 585.5MB
- Sample: 230609-y49t1add28
- MD5: 69e79c85a293b9c15b75a3318f70e313
- SHA1: 1409d27f7fd0248fb9ad1b13df674ac5dbc72487
- SHA256: 5e202de081b3747544c8784bceae14e80a956a874b69d8971157e953ae0604f3
- SHA512: 90d7778b3f37ed215bf23922ab12d5bd232f08ff5f36c9e95b6c95b7bd826d688fa8748875da12f3fdd468d10c9eef253fb60ba828c9be491a73fd03a171e6f5
- SSDEEP: 393216:pBtL7zF3Zni35kaQvFvj8YueE0MDOUFijrPmEXyBWWNt1Z:pBtL7fpv1uenMD1GPqBW6TZ
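Before relying on the behavioural findings below, confirm that the file in hand is byte-for-byte the artefact the sandbox analysed. The following is an added example, not code from the report page or from the sandbox; the digests are copied from the General section above, and the default local file name in the `__main__` block is an assumption.

```python
"""Confirm a local copy of the sample against the digests in the report.

Added example, not part of the report page. The digests are copied from the
report's General section; the local file name used in __main__ is an assumption.
"""
import hashlib
import io
import sys
from pathlib import Path

# Digests published in the report.
REPORT_HASHES = {
    "md5": "69e79c85a293b9c15b75a3318f70e313",
    "sha1": "1409d27f7fd0248fb9ad1b13df674ac5dbc72487",
    "sha256": "5e202de081b3747544c8784bceae14e80a956a874b69d8971157e953ae0604f3",
    "sha512": "90d7778b3f37ed215bf23922ab12d5bd232f08ff5f36c9e95b6c95b7bd826d688fa8748875da12f3fdd468d10c9eef253fb60ba828c9be491a73fd03a171e6f5",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # 1 MiB reads: the sample is 585.5MB, so never load it whole


def hash_stream(stream, algorithms=ALGORITHMS):
    """Compute every requested digest in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = stream.read(CHUNK)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Digest an in-memory byte string (used for self-tests and small inputs)."""
    return hash_stream(io.BytesIO(data), algorithms)


def hash_file(path, algorithms=ALGORITHMS):
    """Digest a file on disk without reading it into memory at once."""
    with open(path, "rb") as f:
        return hash_stream(f, algorithms)


def verify(actual, expected):
    """Return {algorithm: (expected, actual)} for each digest that differs.

    Hex case is ignored because reports and tools disagree on it. An empty
    result means the file matches on every algorithm the report lists; a
    mismatch on any one of them means the behavioural report is not about
    this file.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want.lower(), got)
    return mismatches


if __name__ == "__main__":
    # Assumed path: the sample saved under its reported name in the current directory.
    path = Path(sys.argv[1] if len(sys.argv) > 1 else "AppSetupFile14.2.exe")
    if not path.is_file():
        sys.exit(f"{path}: no such file")
    bad = verify(hash_file(path), REPORT_HASHES)
    if bad:
        for name, (want, got) in bad.items():
            print(f"{name}: report {want} != local {got}")
        sys.exit(1)
    print(f"{path}: matches the report on {', '.join(REPORT_HASHES)}")
```

A single mismatching digest is enough to reject the file; a renamed or re-packed installer with the same display name is not the sample this report describes. SSDEEP is deliberately left out since it is a similarity hash, not an identity check.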
Static task: static1
Behavioral task: behavioral1
- Sample: AppSetupFile14.2.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: AppSetupFile14.2.exe
- Size: 585.5MB
- MD5: 69e79c85a293b9c15b75a3318f70e313
- SHA1: 1409d27f7fd0248fb9ad1b13df674ac5dbc72487
- SHA256: 5e202de081b3747544c8784bceae14e80a956a874b69d8971157e953ae0604f3
- SHA512: 90d7778b3f37ed215bf23922ab12d5bd232f08ff5f36c9e95b6c95b7bd826d688fa8748875da12f3fdd468d10c9eef253fb60ba828c9be491a73fd03a171e6f5
- SSDEEP: 393216:pBtL7zF3Zni35kaQvFvj8YueE0MDOUFijrPmEXyBWWNt1Z:pBtL7fpv1uenMD1GPqBW6TZ
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the per-product subkeys under SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger: an anti-debugging call; NtSetInformationThread with the ThreadHideFromDebugger class stops the thread from delivering debug events, so an attached debugger no longer sees what it does.
- Suspicious use of SetThreadContext: rewrites another thread's register context, a step typically seen in process hollowing and thread-hijacking injection.
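The signature names above summarise API-level evidence. As an added example (not the report's or the sandbox's own rule logic), the following re-derives three of those signatures from a constructed API event log; the event tuples, PIDs, handles and paths are made up for illustration and are not taken from the report. The SetThreadContext rule here is deliberately stricter than the bare "suspicious use" signature: it requires the full hollowing pattern of create-suspended, write, redirect.

```python
"""Re-derive three of the report's behavioural signatures from API events.

Added example, not the report's or the sandbox's own rule logic. The event
log, PIDs, handles and paths below are constructed for illustration.
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
CREATE_SUSPENDED = 0x00000004      # CreateProcess dwCreationFlags bit

# Registry paths (hive stripped, lower-cased) that hold per-product uninstall entries.
UNINSTALL_KEYS = (
    r"software\microsoft\windows\currentversion\uninstall",
    r"software\wow6432node\microsoft\windows\currentversion\uninstall",
)

# Constructed event log: (pid, api, arguments).
EVENTS = [
    (1234, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    (1234, "RegEnumKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0}),
    (1234, "NtSetInformationThread", {"thread": 0x1A0, "class": THREAD_HIDE_FROM_DEBUGGER}),
    (1234, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 4321}),
    (1234, "WriteProcessMemory", {"target_pid": 4321, "address": 0x400000, "size": 0x1000}),
    (1234, "SetThreadContext", {"target_pid": 4321, "thread": 0x1B4}),
    (1234, "ResumeThread", {"target_pid": 4321, "thread": 0x1B4}),
]


def normalize_key(key):
    """Lower-case a registry path and drop the hive prefix so variants compare equal."""
    k = key.lower()
    for hive in ("hkey_local_machine\\", "hklm\\", "hkey_current_user\\", "hkcu\\"):
        if k.startswith(hive):
            return k[len(hive):]
    return k


def enumerates_installed_software(events):
    """Uninstall key opened and then enumerated (not merely opened once)."""
    opened = enumerated = False
    for _, api, args in events:
        if "key" not in args or not normalize_key(args["key"]).startswith(UNINSTALL_KEYS):
            continue
        opened |= api.startswith("RegOpenKey")
        enumerated |= api.startswith("RegEnumKey") or api.startswith("RegEnumValue")
    return opened and enumerated


def hides_thread_from_debugger(events):
    """NtSetInformationThread with ThreadHideFromDebugger: the thread stops
    delivering debug events, so a debugger sees nothing it does afterwards."""
    return any(api == "NtSetInformationThread" and args.get("class") == THREAD_HIDE_FROM_DEBUGGER
               for _, api, args in events)


def hijacks_suspended_process(events):
    """SetThreadContext on a process the caller created suspended and wrote into.

    Stricter than the bare 'SetThreadContext used' signature: it requires the
    hollowing pattern (create suspended -> write -> redirect) before firing.
    """
    suspended = {args["child_pid"] for _, api, args in events
                 if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED}
    written = {args["target_pid"] for _, api, args in events if api == "WriteProcessMemory"}
    return any(api == "SetThreadContext" and args.get("target_pid") in (suspended & written)
               for _, api, args in events)


def evaluate(events):
    """Map each signature name used in the report to whether the events support it."""
    return {
        "Checks installed software on the system": enumerates_installed_software(events),
        "Suspicious use of NtSetInformationThreadHideFromDebugger": hides_thread_from_debugger(events),
        "Suspicious use of SetThreadContext": hijacks_suspended_process(events),
    }


if __name__ == "__main__":
    for name, hit in evaluate(EVENTS).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The hive normalisation matters in practice: sandboxes and EDR logs spell the same key as HKLM, HKEY_LOCAL_MACHINE or with the Wow6432Node path depending on the process's bitness, and a rule that matches only one spelling misses the rest.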