General
Target: Aquatic V4.rar
Size: 15.4MB
Sample: 240202-btgzxachhn
MD5: 9ebfb9f1f0e455f2fd0dc07572d0afb9
SHA1: 22ecd9af8f79f689cab3acad59ac377f6c337a1e
SHA256: 5b6439523658efc8db954fa38b37ac1a5f145eaecbb45feecec21363c602dabf
SHA512: 838e74e12a458a150a0bb3f2391916fa16344d55fa89087b843184a3057f11305a00be4cd614cdd7a2d347df4aee6ba9c0cca1206d48c82c5f7bb4858df3a4a5
SSDEEP: 393216:s4ga9QO+ArJxxklrBcpHo5O7YdN3WprlFm+Mvd3oRY45:sta9oeRr7SluBFm+Ml3oRYg

Behavioral task: behavioral1
Sample: Aquatic V4/Aquatic V4/Aquatic V4.exe
Resource: win10v2004-20231215-en

Behavioral task: behavioral2
Sample: Creal.pyc
Resource: win10v2004-20231215-en

Malware Config

Targets

Target: Aquatic V4/Aquatic V4/Aquatic V4.exe
Size: 15.8MB
MD5: 2718009081ff830d042538496c4f673f
SHA1: 56b05669b3c3392f16bd6de77b979614657aaa1e
SHA256: c29727517ceea16814c23d6cb3b57e3f852cc714ae8a9fe152658e7275a298ee
SHA512: a8251cb7d3e593da4d1887ca0f7929501bb3be115927f642dffc267ef8e4ef64742fa85b2a5581c0e300e3b22682a3907d5acc5349e0a286a48f67442b7ba126
SSDEEP: 393216:EiIE7Yo9+4urntpUTLfhJsW+eGQRe9jo7BGcG7Y/q66WCDD:d7r9+RTHUTLJSW+e5Re9M+VDD
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: Creal.pyc
Size: 48KB
MD5: 21f44cfb30866b35cda1bd93fc578f8d
SHA1: 3205ed8898883c97ff280fff7bf1f416f92b90dd
SHA256: 2f87e4d6705dd05d4196105d0f8fef38da285ad1338923b4b620af6fd4732d0d
SHA512: 9ddd8b7329c6687ae7baedbf3f7e5e36e267d08babc7d20f23a9c283c9344da2130c7b0cbc88de04bb805eef61949a6732e6a1546492603ca52b24658b318df9
SSDEEP: 768:PpFnrxya7K+aTMdcmrVWwzO/phReWdXEXuGtz07VOZZYGQmGw8jt4xMao3Q1:/rgaqMamgphoWdUeOPZZYGQmGwWaoA
Score: 3/10