General
Target: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa_JC.exe
Size: 620KB
Sample: 230830-x8yrvshe6v
MD5: e36ce22684d90063256005787dc6f20b
SHA1: bc7647d15e52e72bf36fda20e782965a2e7e47ba
SHA256: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa
SHA512: e779725bb997951150788f81e10ebffa64bc406b519b78dda612955e597ca602b6fd0bfa471fe5abf35e585af5d9c92c6c593958d941c354dd5a5011e490bdb6
SSDEEP: 12288:D8t1GmK3ENAdy1YWEt3IRiRwxahJCKxXoRwh3CX7wBO09yrxR+tmtR:D8vGz3EACLEtMEDxVoR0SMwjTR
Static task: static1
Behavioral task: behavioral1
Sample: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted family: predatorstealer
URL: http://www.biopharmzpharma.com/Maxwhite/
Targets
Target: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa_JC.exe
Size: 620KB
MD5: e36ce22684d90063256005787dc6f20b
SHA1: bc7647d15e52e72bf36fda20e782965a2e7e47ba
SHA256: edbcfe1171767f6e2a18266e14039c5fecfd0922fd5eca64971a901ea2d9d8aa
SHA512: e779725bb997951150788f81e10ebffa64bc406b519b78dda612955e597ca602b6fd0bfa471fe5abf35e585af5d9c92c6c593958d941c354dd5a5011e490bdb6
SSDEEP: 12288:D8t1GmK3ENAdy1YWEt3IRiRwxahJCKxXoRwh3CX7wBO09yrxR+tmtR:D8vGz3EACLEtMEDxVoR0SMwjTR
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
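The behaviours above are what a sandbox tags from the sample's API trace. As an added example (not Triage's signature engine and not code from the report), the script below applies equivalent rules to a constructed, sandbox-style event list for one process. Only the C2 URL and host are taken from the report; the event schema, the registry and file locations each rule matches (Geo\Nation, Uninstall, Outlook Profiles, wallet.dat, the Run key) and the IP-lookup host list are assumptions based on common locations, and the trace itself is made up to exercise every rule.

```python
"""Tag a process's API trace with the behaviours listed in this report.

Added example, not Triage's own signature engine. The event schema and the
registry/file locations below are assumptions (common, well-known paths), not
taken from the report; only the C2 URL and host come from the page.
"""
import re
from collections import defaultdict

# Indicators taken from the report's extracted config
C2_URL = "http://www.biopharmzpharma.com/Maxwhite/"
C2_HOST = "www.biopharmzpharma.com"

# Locations each behaviour touches (assumed typical paths, not from the page)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
OUTLOOK_PROFILES = re.compile(r"\\Office\\\d+\.\d\\Outlook\\Profiles", re.I)
WALLET_FILE = re.compile(
    r"\\(wallet\.dat$|Electrum\\wallets\\|Exodus\\exodus\.wallet\\)", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}


def classify(events):
    """Return {behaviour: [evidence, ...]} for one process's ordered event list.

    Each event is a dict with an "op" and a "path", "host" or "url", the shape
    a sandbox API hook or EDR sensor would emit. Files the process itself
    wrote are remembered so that later executing or loading them is reported
    as "dropped", matching the report's wording.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        op, path = ev.get("op"), ev.get("path", "")
        key = path.lower()
        if op == "file_write":
            dropped.add(key)
            if key.endswith("\\desktop.ini"):
                hits["Drops desktop.ini file(s)"].append(path)
        elif op == "process_create" and key in dropped:
            hits["Executes dropped EXE"].append(path)
        elif op == "load_dll" and key in dropped:
            hits["Loads dropped DLL"].append(path)
        elif op == "reg_query" and GEO_KEY.search(path):
            hits["Checks computer location settings"].append(path)
        elif op == "reg_query" and UNINSTALL_KEY.search(path):
            hits["Checks installed software on the system"].append(path)
        elif op == "reg_query" and OUTLOOK_PROFILES.search(path):
            hits["Accesses Microsoft Outlook profiles"].append(path)
        elif op == "reg_set" and RUN_KEY.search(path):
            hits["Adds Run key to start application"].append(f"{path} = {ev.get('data', '')}")
        elif op == "file_read" and WALLET_FILE.search(path):
            hits["Accesses cryptocurrency files/wallets"].append(path)
        elif op == "http":
            host = ev.get("host", "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(host)
            elif host == C2_HOST:
                hits["Contacts the extracted PredatorStealer C2"].append(ev.get("url"))
    return dict(hits)


# Constructed trace (not from the report), shaped to exercise every rule above.
TRACE = [
    {"op": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_query", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "reg_query", "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"op": "file_read", "path": r"C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\loader.exe"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Roaming\Update\desktop.ini"},
    {"op": "process_create", "path": r"C:\Users\victim\AppData\Local\Temp\loader.exe"},
    {"op": "load_dll", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "data": r"C:\Users\victim\AppData\Local\Temp\loader.exe"},
    {"op": "http", "host": "api.ipify.org", "url": "https://api.ipify.org/"},
    {"op": "http", "host": "www.biopharmzpharma.com", "url": C2_URL},
]

if __name__ == "__main__":
    for behaviour, evidence in classify(TRACE).items():
        print(f"{behaviour}: {evidence}")
```

The "dropped" rules deliberately depend on ordering: a process that executes an EXE it did not itself write (for example cmd.exe from System32) is not tagged, which is what separates "executes dropped EXE" from ordinary child-process creation. Note that a registry read such as the Geo\Nation lookup is only visible through API hooking; Sysmon records registry value sets and key creation but not reads, so on an EDR-only data set the geofence rule would have nothing to match.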