Overview

overview

10

Static

static

10

69ee540d78...55.exe

windows7-x64

1

69ee540d78...55.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69ee540d78678ca031d4b00626415ca52f22f57f96c4504203490e9234f60b55

  • Size

    128KB

  • Sample

    240417-2hmdcshe3w

  • MD5

    2a82f35e7a79350c0a1257358130c4e3

  • SHA1

    b57cfc659efa353f98b379446879607e1557899a

  • SHA256

    69ee540d78678ca031d4b00626415ca52f22f57f96c4504203490e9234f60b55

  • SHA512

    a839742a450b9baf2dcd731592bc4cedd4af4271912fbc4711f87ef091fe9ea464dfbed2ba07b28ea156c029a36eb40b70c8093759593644ebcd6b822844236e

  • SSDEEP

    3072:9rn4CuDcpMkymV5x0RCVZeeUebHCDYp61FmHhe8pTAV02DtEb:9r4Ndkf5xUCXUXDY8TDtEb

Score
10/10
allcomestealer

Malware Config

Extracted

Family

allcome

C2

http://62.109.16.47/API/2/configure.php?cf6zrlhn=tuffdebil

Wallets

DT8qmpTEqkbS1f41LFbbJxNu4gQtq6vU9c

rndEWHECqLsUt9miLwqW3RYmW63obkDucj

0xc4B4D212105d8851b0AAc48B01e0408d9956da27

Xj6ujQQNd2u2xKE5RK3g6ZJhoKmxDjTGKG

TKtQmTGQ4QJjzvPNqerkpk15P3c1AfbuK6

t1RNmZVMrdyT6XjPukeDFkkicsyejUYEE45

GCUNI73ZCKWSLR3Q3XM5D5JY6DKAFFFROM24UPFRTAJS2D52TRRRC532

42CzrSj7VTyRt1GB5tERnaSBJSEBJanQVgErPXHmBhCWQ3hzpvfFJUvAVommbRU65dKYyGRK2pHZdcHBE41nEQ13FoARFM6

qr8lrc2yz86jyjsu8mluckud4g9jhktjsggj4xn7kj

131Qoe2y3TGKRKg31doXKj1sYw5QoUx869

0xc4B4D212105d8851b0AAc48B01e0408d9956da27

LW7EWoy18v5AYu31ULMg3P1EoyT4w3srEq

ronin:23613a91878db0847e3d22f3c3812b996b38071a

MEJzu6SkhEDJvofLjwLwTTRqeZoCCVBAEx

ltc1q3d8c47dmek3c7pg6sj9uzqj99gxa0kfky2fml0

Targets

    • Target

      69ee540d78678ca031d4b00626415ca52f22f57f96c4504203490e9234f60b55

    • Size

      128KB

    • MD5

      2a82f35e7a79350c0a1257358130c4e3

    • SHA1

      b57cfc659efa353f98b379446879607e1557899a

    • SHA256

      69ee540d78678ca031d4b00626415ca52f22f57f96c4504203490e9234f60b55

    • SHA512

      a839742a450b9baf2dcd731592bc4cedd4af4271912fbc4711f87ef091fe9ea464dfbed2ba07b28ea156c029a36eb40b70c8093759593644ebcd6b822844236e

    • SSDEEP

      3072:9rn4CuDcpMkymV5x0RCVZeeUebHCDYp61FmHhe8pTAV02DtEb:9r4Ndkf5xUCXUXDY8TDtEb

    Score
    10/10
    allcomestealer

    • Allcome

      A clipbanker that supports stealing different cryptocurrency wallets and payment forms.

      stealerallcome

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks