General
-
Target
Azure_external.V1.exe
-
Size
16.1MB
-
Sample
240407-zb4myseb74
-
MD5
742c52fad0929077e00e3ce255ad4e3a
-
SHA1
f33c9e37bc981ed2a7fa0e16599f18dbf6104c9b
-
SHA256
05930004fafd21dbe0ef223953155be26b84e2abf35f1916c718be6a0b657255
-
SHA512
bb8f8ef3641d0e116765e4cf5e89b7b22e0273a8b2c87759ebd3c2f0031a08c14dc5cbb1e8cd5e8323857ba82873804163bc8f5d3f518cbaa8e1b3265a0694a8
-
SSDEEP
393216:pEkZgf8JjgP8AxYDX1+TtIiFGuvB5IjWqn6eCz1ZPYrS5x+32Kda:pRbJjbX71QtIZS3ILn6ewK32Kda
Behavioral task
behavioral1
Sample
Azure_external.V1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Azure_external.V1.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
creal.pyc
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
creal.pyc
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Azure_external.V1.exe
-
Size
16.1MB
-
MD5
742c52fad0929077e00e3ce255ad4e3a
-
SHA1
f33c9e37bc981ed2a7fa0e16599f18dbf6104c9b
-
SHA256
05930004fafd21dbe0ef223953155be26b84e2abf35f1916c718be6a0b657255
-
SHA512
bb8f8ef3641d0e116765e4cf5e89b7b22e0273a8b2c87759ebd3c2f0031a08c14dc5cbb1e8cd5e8323857ba82873804163bc8f5d3f518cbaa8e1b3265a0694a8
-
SSDEEP
393216:pEkZgf8JjgP8AxYDX1+TtIiFGuvB5IjWqn6eCz1ZPYrS5x+32Kda:pRbJjbX71QtIZS3ILn6ewK32Kda
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
creal.pyc
-
Size
64KB
-
MD5
3e713cb6c4046483cf5628154ab009e9
-
SHA1
2beb55fbed6ee76c560e3679bd12856624932097
-
SHA256
5dc51c79342e699ac9ac8e05b288f81cc56b7e67e398f98222d12f653d144ae8
-
SHA512
51d1db3bc18d125ca7fdffe7a7c992d4653af79f50c690bca95a8a345bf03fd10114f364e62d5fb6acd97ef784879decefe42d3b77fb20b8cc7c83e0505e73d7
-
SSDEEP
1536:7TrQe+0Ql9pObo8BHWftXASFW08VAeOR2es:7TOYbo8B2VXASNMAeORk
Score3/10 -