General
-
Target
df1c3a1b70fc8f37ea642c4df3a2f66b
-
Size
448KB
-
Sample
231228-pt73zsdchl
-
MD5
df1c3a1b70fc8f37ea642c4df3a2f66b
-
SHA1
87b9d4bacc776489efb68f762913b76ef86908bf
-
SHA256
51cfc971849b6d809df4f567616db7f420874a754752490b981134f1d40ff47c
-
SHA512
a5a3e83d48f6eb0bd1ccbd4f48567c04d66ec1ba11b4afaf55df5f120b186ad3c764dd78b9835f8b2fb37b0d76d3f77ec08657f355c6734960359017e00fb512
-
SSDEEP
6144:+efG+g1L+8z7eoRDemTD+uf9+GV6eauyGFyInlXYWbgqtS4zbvhdaDz/A7Ah5lL2:+3S8xTiG04nTbcAcDq
Behavioral task
behavioral1
Sample
df1c3a1b70fc8f37ea642c4df3a2f66b.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
df1c3a1b70fc8f37ea642c4df3a2f66b
-
Size
448KB
-
MD5
df1c3a1b70fc8f37ea642c4df3a2f66b
-
SHA1
87b9d4bacc776489efb68f762913b76ef86908bf
-
SHA256
51cfc971849b6d809df4f567616db7f420874a754752490b981134f1d40ff47c
-
SHA512
a5a3e83d48f6eb0bd1ccbd4f48567c04d66ec1ba11b4afaf55df5f120b186ad3c764dd78b9835f8b2fb37b0d76d3f77ec08657f355c6734960359017e00fb512
-
SSDEEP
6144:+efG+g1L+8z7eoRDemTD+uf9+GV6eauyGFyInlXYWbgqtS4zbvhdaDz/A7Ah5lL2:+3S8xTiG04nTbcAcDq
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-