General
-
Target
screensharing.exe
-
Size
19.7MB
-
Sample
240403-v6v7vagd33
-
MD5
229eb21cbfd6b7e1105eb8a9aec0964b
-
SHA1
2f3e7ddb97968c154d3e4caf1b4a3b38a183cd55
-
SHA256
e1ec0ec1eab7e51144a6cc0600f366b5b0876780028eb319ab4337201735511b
-
SHA512
bd905ec52cf7430b7bfacf504e1fd77565af43260ea67f4253c52627d80195f26acac74714970d43068f1d1b741d8263455420d41adc6407974afb7979b11020
-
SSDEEP
393216:rEkZQtstQdqWP8AxYDwdQJlUwF3MnG3o4l5iJBLeZWiv8RZ5ZHTy:rhQtstq8XsdQN3MGYAAkMbz
Behavioral task
behavioral1
Sample
screensharing.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
screensharing.exe
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.