General
- Target: 1aebf6a1a305f1040ea16c21c143697f7c76277c8a957691d25698db30a971b6
- Size: 7.5MB
- Sample: 230801-ef4hjaec4z
- MD5: 5e46cc22ddf121ab4001ee5ee664d376
- SHA1: cd0475812d4a0b2398beea77dd865e514262635d
- SHA256: 1aebf6a1a305f1040ea16c21c143697f7c76277c8a957691d25698db30a971b6
- SHA512: 63b5ec2dced11380f208ba88ab1a11b9cb347436291e5d03787c2655f6126a33c9ed2cc958f50c00e315ec44be6f25a19a36539f51e48b3849a051ab23b24354
- SSDEEP: 196608:PoCKFCGSiWz3WsiOL95v55+GHncYSxK+TW+sE4m3pk:QCKkeWixOnx5K8WW+0Wu

Static task: static1
Behavioral task: behavioral1
- Sample: 1aebf6a1a305f1040ea16c21c143697f7c76277c8a957691d25698db30a971b6.exe
- Resource: win7-20230712-en

Malware Config
- Extracted: amadey 3.85
  45.9.74.166/b7djSDcPcZ/index.php
  45.9.74.141/b7djSDcPcZ/index.php
- Extracted: systembc
  5.42.65.67:4298
  localhost.exchange:4298
Targets
- Target: 1aebf6a1a305f1040ea16c21c143697f7c76277c8a957691d25698db30a971b6 (7.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Detects Arechclient2 RAT
- Detects DLL dropped by Raspberry Robin.
- SectopRAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger