Overview

overview

10

Static

static

7

avicap32.exe

windows7-x64

10

avicap32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    avicap32.exe

  • Size

    6.1MB

  • Sample

    230826-z9lj2adc92

  • MD5

    8570d48a1291cc62a902b06b7429b2dd

  • SHA1

    6f7de617e02b655c01e734e9ea30bfdfb4caaa24

  • SHA256

    729c7829cb055679d29b496693a55814c1a493c7c4a68ab7c121ee5e4745c430

  • SHA512

    43970a17e5d27801dd8306b5b228bc1ce300c07ddf9801775ea52b87d73fa96041160927ca23c5e4b98046f8aadc6973e9fda58d9bfeac25399370295c053af0

  • SSDEEP

    196608:1nXtfIhfnpg/2hk57yqx256vfOCv8q+M/VX:1nXtfIhfnpg/2hk57yqxvf1f+MZ

Score
10/10
allcomestealerthemida

Malware Config

Extracted

Family

allcome

C2

http://dba692117be7b6d3480fe5220fdd58b38bf.xyz/API/2/configure.php?cf6zrlhn=finarnw

Targets

    • Target

      avicap32.exe

    • Size

      6.1MB

    • MD5

      8570d48a1291cc62a902b06b7429b2dd

    • SHA1

      6f7de617e02b655c01e734e9ea30bfdfb4caaa24

    • SHA256

      729c7829cb055679d29b496693a55814c1a493c7c4a68ab7c121ee5e4745c430

    • SHA512

      43970a17e5d27801dd8306b5b228bc1ce300c07ddf9801775ea52b87d73fa96041160927ca23c5e4b98046f8aadc6973e9fda58d9bfeac25399370295c053af0

    • SSDEEP

      196608:1nXtfIhfnpg/2hk57yqx256vfOCv8q+M/VX:1nXtfIhfnpg/2hk57yqxvf1f+MZ

    Score
    10/10
    allcomestealerthemida

    • Allcome

      A clipbanker that supports stealing different cryptocurrency wallets and payment forms.

      stealerallcome

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks