General
-
Target
1.exe
-
Size
7.9MB
-
Sample
240403-xlcacaaa72
-
MD5
edad028afad7d751e95aa524b812fef4
-
SHA1
de399cbf29bd5ca367c723288c8cb55048c44446
-
SHA256
577066c5dd6d992ef8879cec6c006a820706d4199406efa2ac60e7191c8ed481
-
SHA512
ca23721b8e896830b7b0c1fedff87fff4e5d67b3dc796a851990692a2852b0c74cc44fd6a3d5a54dbd8849efd18cff07d8c15987fcd5e7d0da4abc96b99733c8
-
SSDEEP
98304:wWqqoMV8F4Tab14wQ2zLT0VbdGfNBODVG:dV4b11zdHE
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
1.exe
-
Size
7.9MB
-
MD5
edad028afad7d751e95aa524b812fef4
-
SHA1
de399cbf29bd5ca367c723288c8cb55048c44446
-
SHA256
577066c5dd6d992ef8879cec6c006a820706d4199406efa2ac60e7191c8ed481
-
SHA512
ca23721b8e896830b7b0c1fedff87fff4e5d67b3dc796a851990692a2852b0c74cc44fd6a3d5a54dbd8849efd18cff07d8c15987fcd5e7d0da4abc96b99733c8
-
SSDEEP
98304:wWqqoMV8F4Tab14wQ2zLT0VbdGfNBODVG:dV4b11zdHE
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1