General
Target: 22bae033c46d71990197f17a981ce3c9
Size: 2.3MB
Sample: 231225-q1xfhaeag9
MD5: 22bae033c46d71990197f17a981ce3c9
SHA1: ce5488cd3d40e42917c7bb1c642da4b7817248d0
SHA256: 620b5b24add3610dadb6d18e4a52f1fa3c6cb5686dac389b655be6ffb1ef62e5
SHA512: 3a9448ca3b0b3074eaae4f0803f9d8522d19e5f0bbe222131a64543f374bf8658c8f9c0c08b2136bdc54439bc039e03fa4f61284aae26e15515790487731abd5
SSDEEP: 49152:9T1KUWNK6HkvoHKbtaU0fG9sFbI3TWdhswrlEkj1vi25m:h49gqkvFZZ0fZsjWdhswrxj15
Static task: static1
Behavioral task: behavioral1
Sample: 22bae033c46d71990197f17a981ce3c9.exe
Resource: win7-20231215-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5
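The extracted C2 is a Discord webhook, and the two path segments carry different kinds of information: the numeric segment is a Discord snowflake ID whose upper 42 bits encode a creation timestamp (milliseconds since the Discord epoch, 2015-01-01T00:00:00Z, shifted left 22 bits), while the trailing segment is the secret token that on its own lets anyone post to, or delete, the webhook. The Python below is an added example, not part of the Triage report and not code from the 44caliber family; it parses the extracted URL, decodes the webhook's creation time, and produces a token-redacted form suitable for sharing as an IOC. The regular expression, the helper names and the host variants it accepts are this example's own assumptions.

```python
import re
from datetime import datetime, timezone

# Discord snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds since Unix epoch.
DISCORD_EPOCH_MS = 1420070400000

# Webhook URL exactly as extracted from the sample in the report above.
EXTRACTED_C2 = ("https://discord.com/api/webhooks/868513655556292688/"
                "7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5")

# Assumed URL shape: discord.com or the older discordapp.com host, optional
# ptb./canary. subdomain, a decimal ID and a URL-safe token.
WEBHOOK_RE = re.compile(
    r"^https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d+)/(?P<token>[A-Za-z0-9_-]+)/?$"
)


def parse_webhook(url):
    """Split a Discord webhook URL into its numeric ID and secret token.

    Returns None when the URL does not look like a webhook URL.
    """
    m = WEBHOOK_RE.match(url.strip())
    if not m:
        return None
    return {"id": int(m["id"]), "token": m["token"]}


def snowflake_to_datetime(snowflake):
    """Decode the creation time embedded in a Discord snowflake.

    Bits 22..63 hold milliseconds since DISCORD_EPOCH_MS; the low 22 bits are
    worker, process and sequence counters and carry no timing information.
    """
    ms_since_unix_epoch = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms_since_unix_epoch // 1000, tz=timezone.utc)


def redact_webhook(url):
    """Return a shareable form of the webhook URL with the token removed.

    The token alone is enough to post to or delete the webhook, so it should
    not be pasted into tickets or intel feeds; the ID is the stable indicator.
    """
    parsed = parse_webhook(url)
    if parsed is None:
        return None
    return f"https://discord.com/api/webhooks/{parsed['id']}/<redacted>"


def describe_webhook(url):
    """Summarise a webhook IOC: ID, decoded creation time and redacted URL."""
    parsed = parse_webhook(url)
    if parsed is None:
        return None
    created = snowflake_to_datetime(parsed["id"])
    return {
        "webhook_id": parsed["id"],
        "created_utc": created.isoformat(),
        "redacted_url": redact_webhook(url),
    }


if __name__ == "__main__":
    for key, value in describe_webhook(EXTRACTED_C2).items():
        print(f"{key}: {value}")
```

For this sample the ID decodes to a creation time of 2021-07-24 15:23:11 UTC, well before the December 2023 submission date carried in the sample ID (231225-...), so the webhook predates this particular build by more than two years. The report lists a 44caliber configuration alongside an XMRig Miner payload signature; it does not say which component in the 2.3MB binary owns the webhook, so treat the ID as an indicator for the bundle as a whole rather than for the miner specifically.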
Targets
Target: 22bae033c46d71990197f17a981ce3c9
Size: 2.3MB
MD5: 22bae033c46d71990197f17a981ce3c9
SHA1: ce5488cd3d40e42917c7bb1c642da4b7817248d0
SHA256: 620b5b24add3610dadb6d18e4a52f1fa3c6cb5686dac389b655be6ffb1ef62e5
SHA512: 3a9448ca3b0b3074eaae4f0803f9d8522d19e5f0bbe222131a64543f374bf8658c8f9c0c08b2136bdc54439bc039e03fa4f61284aae26e15515790487731abd5
SSDEEP: 49152:9T1KUWNK6HkvoHKbtaU0fG9sFbI3TWdhswrlEkj1vi25m:h49gqkvFZZ0fZsjWdhswrxj15
- XMRig Miner payload
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.