General
-
Target
SecuriteInfo.com.Win32.Evo-gen.25423.22998
-
Size
195KB
-
Sample
231120-eynvssdg46
-
MD5
076ac01ea35d4b4a78130ffe0b0da1b9
-
SHA1
0e20fae40bccd1f9ac4845ec3ff4f29f5b7250b8
-
SHA256
4a4edf2b54ebe39c26293d94699b07050709a8549c213f9ac8f344f766707fc9
-
SHA512
582f6729a1019cc2662c0ec8518fae2609267cc3f5662f44e4f5720d5bd33e532dbcaaf2a7279135ecc72412354708853ec4dc49884ac2e24dee6c36c4a49fd9
-
SSDEEP
6144:h9H1Xawk0LIRwox29ll1NsJF5cnZ1msCX:h9ZauIRwooLstcnZsf
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.Evo-gen.25423.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.Evo-gen.25423.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
marsstealer
Default
alpha.twinsources.shop/gate.php
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-