General
Target: VoidExecutorV4.exe
Size: 13.2MB
Sample: 240204-txyqyaeca5
MD5: 9ead61bc7a84090c2a52fcda742fae94
SHA1: f2388ada38b26cc3bd9e23e5b33d0007cdf9e244
SHA256: 7f19a2d8aee461b7e2f9322c4c2a3083f873da45390423bf09a081e7dc3d028e
SHA512: 6bfbc0d1b51b0377c54b9fcfffa20a66fc7bd4b3f4d56a7ad695e111c45f62af2f0a09faa927edd99508a2213ffa0987df78b59999d03bcca5e2d05035088a31
SSDEEP: 393216:K9EkMD2wW+eGQRIMTozGxu8C0ibfz6e57c1bmXiWCNta:4UD2wW+e5R5oztZ026e5aFVNta
Malware Config
Targets
-
-
Target
VoidExecutorV4.exe
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-