General
-
Target
11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe
-
Size
963KB
-
Sample
240322-cjex8seh94
-
MD5
2f96e6fd36ceec8c32dcc6c7607a87bd
-
SHA1
89b9bd60c39a582da440112f12f939c90102d567
-
SHA256
11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932
-
SHA512
755e29062263821fac7c37be3dd7e0b980804adbe301d1945c9098ca1cb8ae57f293a022a2e11677e404bac323b4e5995d4c57d45c2edb13595ff151547993b9
-
SSDEEP
12288:wbZfqmfr+7Iz6tuhHr2WX3rLKJQEKKHP9SxG4A1wF7dieRJ14BEtIX2UgGj+Xtah:wbZCmf67FtuZFX3KJQgl4KEoEoePUF3Z
Static task
static1
Behavioral task
behavioral1
Sample
11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Bedwarmer.ps1
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
Bedwarmer.ps1
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
Bedwarmer.Hom
-
Size
58KB
-
MD5
aae5fcb1e66470ef7a08ea335b80ac05
-
SHA1
9422c0898c87a134c72c6ffa35c594d93dba9dc9
-
SHA256
8bd9205c7c8f112ff5cba1307842eddccc18e20e227cccb7b74e6a24e686b8b0
-
SHA512
031d187a47a9b687d6822f34e74029f2f1cf4eb8687dc2846a3d84efbf9d30d5459870842a22cdab89130915501e2593f79b2a32da5c266d382120e0a042b072
-
SSDEEP
1536:kIA6tvaB6ot7AWRT/HFQzHYDLaKzxxkRq:kIltiBhzlQELaKzjD
Score
8/10
-
Modifies Installed Components in the registry
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-