General
-
Target
9b95dc37744055c1d9cec9f4383ddb52bf0436a3ae88112b782211a02533fa88.exe
-
Size
1.0MB
-
Sample
240221-edjeksba2x
-
MD5
4334e838a1ad1e35a533d8ff6d55ea3d
-
SHA1
cb617e4af09ee90e8918fb7488337a935750a318
-
SHA256
9b95dc37744055c1d9cec9f4383ddb52bf0436a3ae88112b782211a02533fa88
-
SHA512
0e107f77986171d13358eb780fbb3c243f1f4afbbfe5f615172e15de2bc1948932b82e592abedb03262444c81ebc86e1e2bfe7fffb3f964289a31c2f5e863dff
-
SSDEEP
24576:0z28lByb3DFSo0hs6vZ0MZ0ZvJPqljO35FhAJacjuFlewy:0K8vommMtZO35FoQm
Malware Config
Targets
-
-
Target
9b95dc37744055c1d9cec9f4383ddb52bf0436a3ae88112b782211a02533fa88.exe
-
Size
1.0MB
-
MD5
4334e838a1ad1e35a533d8ff6d55ea3d
-
SHA1
cb617e4af09ee90e8918fb7488337a935750a318
-
SHA256
9b95dc37744055c1d9cec9f4383ddb52bf0436a3ae88112b782211a02533fa88
-
SHA512
0e107f77986171d13358eb780fbb3c243f1f4afbbfe5f615172e15de2bc1948932b82e592abedb03262444c81ebc86e1e2bfe7fffb3f964289a31c2f5e863dff
-
SSDEEP
24576:0z28lByb3DFSo0hs6vZ0MZ0ZvJPqljO35FhAJacjuFlewy:0K8vommMtZO35FoQm
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers
-
Detects executables referencing credit card regular expressions
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-