General
-
Target
28b981849caeac372392e0f2f9c16831142504afd8f9f7a2f24a299a37d0a1c1.exe
-
Size
244KB
-
MD5
a9603fc56b10d09f3940349b665cdbbc
-
SHA1
2e2a600c79da9680abd39550405ef262c35b506b
-
SHA256
28b981849caeac372392e0f2f9c16831142504afd8f9f7a2f24a299a37d0a1c1
-
SHA512
a15bca26e1e58d13a7ac529f0a28b74265e67bdc698d3d18c7a19d2a1e310c37cb0878a7f8b8556b374240a10bc1fe123a1979dc9653e1402e6e2881f77529e2
-
SSDEEP
6144:ll3RR2fzjGrMbyddEP1cnyZGbnZxhBI+o5+:NRxn7Eyyk35
Score
10/10
Malware Config
Signatures
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
-
Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs
-
Detects executables attemping to enumerate video devices using WMI 1 IoCs
-
Detects executables containing URLs to raw contents of a Github gist 1 IoCs
-
Detects executables containing the string DcRatBy 1 IoCs
-
Detects executables referencing Discord tokens regular expressions 1 IoCs
-
Detects executables referencing Windows vault credential objects. Observed in infostealers 1 IoCs
-
Detects executables referencing credit card regular expressions 1 IoCs
-
Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
-
Detects executables using Telegram Chat Bot 1 IoCs
-
Detects executables with interest in wireless interface using netsh 1 IoCs
-
StormKitty payload 1 IoCs
-
Stormkitty family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
28b981849caeac372392e0f2f9c16831142504afd8f9f7a2f24a299a37d0a1c1.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections