General
-
Target
b16c0c978e88e21604804a50400e46af
-
Size
251KB
-
Sample
231222-q7xpvadddm
-
MD5
b16c0c978e88e21604804a50400e46af
-
SHA1
f2b408e552b0ca0d72a18651d8cf0a57cb21d806
-
SHA256
7a380970e44dea7a579e0231b079e766cac89c1417022839f0161cb3638b37d1
-
SHA512
8d7315ac35703fc49393b5ef76e4b4aea01f6c3870a74e426dec04a74e9ecdafa70758574954f2209780cd3bca1ee949c0c375e882120c36fd8ebf3be2e023a2
-
SSDEEP
3072:ParzRJ+yBeZmZRhRsMwsM55WCoZOi3Cy+3+EwTlDdB9Qh/ZiwO6CKduHHls5z3qS:zyBGWs/sE5WR9H+hONdB9MZiwYvFa3o
Static task
static1
Behavioral task
behavioral1
Sample
b16c0c978e88e21604804a50400e46af.exe
Resource
win7-20231129-en
Malware Config
Extracted
cryptbot
rasctx32.top
moryei03.top
-
payload_url
http://eloqos04.top/download.php?file=lv.exe
Targets
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-