General

Target: free.rar
Size: 10.0MB
Sample: 240420-gqjxzsah6x
MD5: 70540b491b2685860d7880eaeb93f86c
SHA1: 6175bb215248473ce346bfd15d8e97d4598c36f6
SHA256: 17e4800294fd5e697858456adf2fcbce97943ee4e75463530c67bd3a02f061b2
SHA512: 6faf89eb7005de9ae08db2df312e3e6d6a5f384c10852c93205571a135ab0137a2b2525aa3255b56100d9a7a1c48377b83a7e7a508de5bfa5c67805c67903f5d
SSDEEP: 196608:EfwG5E6I/XBtD24O8JPs2R0+NlniGOm1SwYXD+3667d3xHWIo5da12p3o:hSEL/DD238J7xHniYUS36uBxH9Oa12p4
Malware Config

(none listed)

Targets

Target: free.exe
Size: 10.2MB
MD5: a61aeb8087d96d39f06953265f023fb9
SHA1: 04af2f57c300e8163a08f4e554422713defe4dea
SHA256: 4ea84edfb5b79f367af09e356a0ec21710fb6d618f13dea513f264cca0abe598
SHA512: 33e405294852b4763967be62308729a82173d9e0b510e710a22b922e693bd5b06e4c24340f45b2a831202a9f944dfccbdbcf23827dfee5009bff3c78a200cf05
SSDEEP: 196608:dh0gJEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:bEkfc4q1+TtIiFUY9Z8D8CcldlQNbXKh
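Before hunting on the values above, confirm that the digests really belong to the file in hand: they are transcribed, and a single copy error makes every downstream match fail silently. The script below is an added example for this page, not part of the report or of the sandbox's own tooling. It recomputes MD5, SHA-1, SHA-256 and SHA-512 in one read pass, sanity-checks the transcribed table itself, compares computed digests against the report, and can walk a directory looking for either file. SSDEEP is omitted because the Python standard library has no ssdeep implementation.

```python
import hashlib
import os
import sys

# Digests transcribed from the report above. All four are kept so a partial
# IOC feed (e.g. one that only carries SHA-1) still produces a match.
REPORT_IOCS = {
    "free.rar": {
        "md5": "70540b491b2685860d7880eaeb93f86c",
        "sha1": "6175bb215248473ce346bfd15d8e97d4598c36f6",
        "sha256": "17e4800294fd5e697858456adf2fcbce97943ee4e75463530c67bd3a02f061b2",
        "sha512": "6faf89eb7005de9ae08db2df312e3e6d6a5f384c10852c93205571a135ab0137"
                  "a2b2525aa3255b56100d9a7a1c48377b83a7e7a508de5bfa5c67805c67903f5d",
    },
    "free.exe": {
        "md5": "a61aeb8087d96d39f06953265f023fb9",
        "sha1": "04af2f57c300e8163a08f4e554422713defe4dea",
        "sha256": "4ea84edfb5b79f367af09e356a0ec21710fb6d618f13dea513f264cca0abe598",
        "sha512": "33e405294852b4763967be62308729a82173d9e0b510e710a22b922e693bd5b0"
                  "6e4c24340f45b2a831202a9f944dfccbdbcf23827dfee5009bff3c78a200cf05",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_bytes(data):
    """Digest an in-memory blob with all four algorithms."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file with all four algorithms in a single read pass, so a
    10 MB sample is read once rather than four times."""
    hashers = {a: hashlib.new(a) for a in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_report(iocs=REPORT_IOCS):
    """Check the transcribed table: every digest must be hex of the right
    length for its algorithm. Returns the (label, algorithm) pairs that fail."""
    problems = []
    for label, expected in iocs.items():
        for algo, value in expected.items():
            v = value.lower()
            if len(v) != DIGEST_LENGTHS[algo] or any(c not in "0123456789abcdef" for c in v):
                problems.append((label, algo))
    return problems


def match_report(digests, iocs=REPORT_IOCS):
    """Return (label, algorithm) pairs whose report value equals a computed digest."""
    hits = []
    for label, expected in iocs.items():
        for algo, value in expected.items():
            if digests.get(algo) == value.lower():
                hits.append((label, algo))
    return hits


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk a directory and return {path: hits} for every file matching the report."""
    results = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_report(hash_file(path), iocs)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            if hits:
                results[path] = hits
    return results


if __name__ == "__main__":
    bad = verify_report()
    if bad:
        sys.exit("malformed digest(s) in IOC table: %r" % bad)
    for target in sys.argv[1:]:
        if os.path.isdir(target):
            found = scan_tree(target)
        else:
            found = {target: match_report(hash_file(target))}
        for path, hits in found.items():
            if hits:
                print(path, "->", ", ".join("%s/%s" % h for h in hits))
```

Run it as `python verify_iocs.py /path/to/quarantine` (the script name is arbitrary). A match on the RAR and on the EXE are reported separately; if only the RAR matches, the inner file may have been repacked or modified, so hash the extracted content as well before concluding anything.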
Signatures

- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
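The last two signatures are the ones visible in network telemetry, but the report does not name the IP-lookup service or the hosting provider involved, and either behaviour on its own is common in legitimate software (updaters, VPN clients, the Discord client itself). The script below is an added example, not data from the report: it runs over constructed proxy-log lines in a made-up format, the hostname lists are assumptions about commonly used services rather than anything the sample was observed contacting, and it raises the severity only when the same process does both things.

```python
import re
from collections import defaultdict

# Public "what is my IP" services. This list is an assumption for the example;
# the report does not say which service the sample queried.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com", "ipecho.net", "api.myip.com",
    "whatismyipaddress.com", "ip.sb",
}

# Legitimate hosting / messaging services that malware commonly abuses for
# payload hosting or C2. Also an assumption: the report names none.
HOSTING_HOSTS = {
    "discord.com", "discordapp.com", "pastebin.com", "github.com",
    "githubusercontent.com", "api.telegram.org", "dropbox.com",
    "drive.google.com", "mega.nz", "transfer.sh",
}

# Constructed log format for this example, not any vendor's real format:
#   <timestamp> host=<machine> pid=<pid> proc=<image> dst=<hostname> url=<url>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+pid=(?P<pid>\d+)\s+proc=(?P<proc>\S+)"
    r"\s+dst=(?P<dst>\S+)\s+url=(?P<url>\S+)$"
)


def parse_line(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def in_domain_set(hostname, hostset):
    """True if hostname or any parent domain (but never the bare TLD) is in
    hostset, so 'cdn.discordapp.com' matches an entry 'discordapp.com'."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in hostset for i in range(len(labels) - 1))


def analyze(log_text):
    """Group parsed events by (host, pid, process) and return one finding per
    process that contacted an IP-lookup service, a hosting service, or both."""
    seen = defaultdict(lambda: {"ip_lookup": set(), "hosting": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line: skip rather than abort the whole hunt
        key = (ev["host"], int(ev["pid"]), ev["proc"])
        if in_domain_set(ev["dst"], IP_LOOKUP_HOSTS):
            seen[key]["ip_lookup"].add(ev["dst"].lower())
        if in_domain_set(ev["dst"], HOSTING_HOSTS):
            seen[key]["hosting"].add(ev["dst"].lower())
    findings = []
    for (host, pid, proc), hits in sorted(seen.items()):
        both = bool(hits["ip_lookup"]) and bool(hits["hosting"])
        findings.append({
            "host": host, "pid": pid, "proc": proc,
            "ip_lookup": sorted(hits["ip_lookup"]),
            "hosting": sorted(hits["hosting"]),
            # Either behaviour alone is low-fidelity; the combination in one
            # process is the pattern the two signatures above describe.
            "severity": "high" if both else "low",
        })
    return findings


# Constructed sample lines; these are NOT traffic observed from the sample.
SAMPLE_LOG = """\
2024-04-20T10:14:58Z host=WS01 pid=4412 proc=chrome.exe dst=www.example.com url=https://www.example.com/
2024-04-20T10:15:02Z host=WS01 pid=5120 proc=dropped.exe dst=api.ipify.org url=https://api.ipify.org/?format=json
2024-04-20T10:15:03Z host=WS01 pid=5120 proc=dropped.exe dst=cdn.discordapp.com url=https://cdn.discordapp.com/attachments/1/2/x.bin
2024-04-20T10:16:10Z host=WS02 pid=2200 proc=outlook.exe dst=outlook.office365.com url=https://outlook.office365.com/
2024-04-20T10:17:41Z host=WS02 pid=3311 proc=powershell.exe dst=ipinfo.io url=https://ipinfo.io/json
this line is garbage and must be skipped
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("%s %s pid=%d ip_lookup=%s hosting=%s" % (
            f["severity"].upper(), f["proc"], f["pid"], f["ip_lookup"], f["hosting"]))
```

To use it on real data, replace `LOG_RE` with a parser for your proxy or DNS log format and feed the file contents to `analyze()`. Pair a "high" finding with the host-based signatures above (a startup entry written by the same image, a DLL loaded from a user-writable path) before treating it as an incident, and extend the host lists from your own telemetry rather than trusting the assumed ones.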