General

Target: Matheus_Xits.exe
Size: 16.4MB
Sample: 240420-lpw85sec8z
MD5: 5d064814405e2734b6523d089aa450a5
SHA1: 29694b3545f8073c71d05ca1b03a4b792e07cad3
SHA256: ae88d843c935cbd3f7afb2a40e0bc9644e0036dc23f0e2015e6554e22846a380
SHA512: 27b38d7f743231b9361992340378100b8ea8714555f6780b86622371adde8d5ec246de63e98ae521658a51ee1bdab3daa1af962cb3efefdc9e24e38517e59984
SSDEEP: 393216:zEk4gf8igP8AxYDX1+TtIiFGuvB5IjWqn6eCz1+y2XUS+da:zwbibX71QtIZS3ILn6eByo+da
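A practitioner who pulls this sample from another source will want to confirm it is the same file before trusting the behaviour below. The following script is an added example, not part of the sandbox report: it recomputes the four cryptographic digests in a single pass and compares them to the values listed above. The SSDEEP value is deliberately not checked (fuzzy hashes are compared by similarity score with a third-party library, not by equality), and the stand-in bytes used when no path is given are constructed, not the real sample.

```python
import hashlib
import io
from typing import BinaryIO, Dict

# Digests exactly as listed in this report for Matheus_Xits.exe (16.4MB).
# SSDEEP is omitted: fuzzy hashing needs a third-party library and is
# compared by similarity score, not equality.
REPORT_IOCS: Dict[str, str] = {
    "md5": "5d064814405e2734b6523d089aa450a5",
    "sha1": "29694b3545f8073c71d05ca1b03a4b792e07cad3",
    "sha256": "ae88d843c935cbd3f7afb2a40e0bc9644e0036dc23f0e2015e6554e22846a380",
    "sha512": "27b38d7f743231b9361992340378100b8ea8714555f6780b86622371adde8d5ec246de63e98ae521658a51ee1bdab3daa1af962cb3efefdc9e24e38517e59984",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed a binary stream through all four hashers in one pass (the sample is 16.4MB)."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        block = stream.read(chunk_size)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hash an in-memory blob via the same streaming path as a file."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matches_report(digests: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison; case-insensitive since tools differ in hex case."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_IOCS.items()}


def is_report_sample(digests: Dict[str, str]) -> bool:
    """True only if every listed digest agrees; one mismatch means a different file."""
    return all(matches_report(digests).values())


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    # Constructed stand-in bytes (a bare MZ header) when no file path is supplied.
    computed = digest_file(path) if path else digest_bytes(b"MZ" + b"\x00" * 62)
    for name, ok in matches_report(computed).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'} {computed[name]}")
    print("sample matches report:", is_report_sample(computed))
```

Run it as `python verify_sample.py /path/to/Matheus_Xits.exe`; all four lines should read `match`. A partial match (say MD5 agrees but SHA256 does not) is not something this script should ever report for a genuine copy and would indicate a corrupted or deliberately altered file.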
Malware Config

Targets

Target: Matheus_Xits.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
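The signatures above are behavioural categories, not specific indicators: the report does not name the startup path, the dropped DLL, the wallet files or the IP lookup service involved. The script below is an added example, not part of the sandbox report, showing how an analyst would map endpoint or sandbox events onto exactly these five categories. The event trace is constructed, and the startup-folder marker, wallet path markers, IP-lookup hostnames and hosting-service hostnames are assumptions an analyst would maintain locally; none of them comes from the report. The "Loads dropped DLL" rule is stateful on purpose: a DLL load counts only if the same trace earlier wrote that exact path, which is what separates a dropped payload from an ordinary system DLL.

```python
from dataclasses import dataclass
from typing import Dict, List, Set
from urllib.parse import urlparse


@dataclass(frozen=True)
class Event:
    kind: str     # "file_write" | "image_load" | "file_read" | "dns" | "http"
    process: str  # image name of the acting process
    target: str   # file path (file_*/image_load), hostname (dns) or URL (http)


# Signature names exactly as they appear in the report.
SIGNATURES = (
    "Drops startup file",
    "Loads dropped DLL",
    "Accesses cryptocurrency files/wallets, possible credential harvesting",
    "Legitimate hosting services abused for malware hosting/C2",
    "Looks up external IP address via web service",
)

# ASSUMPTIONS: locally maintained indicator lists; the report names none of these.
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"
WALLET_MARKERS = ("wallet.dat", "\\electrum\\", "\\exodus\\", "\\ethereum\\keystore\\")
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "ip-api.com", "icanhazip.com"}
HOSTING_HOSTS = {"cdn.discordapp.com", "discord.com", "pastebin.com", "transfer.sh"}


def hostname_of(ev: Event) -> str:
    """Normalise dns/http targets to a bare lower-case hostname."""
    if ev.kind == "http":
        return (urlparse(ev.target).hostname or "").lower()
    return ev.target.lower().rstrip(".")


def triage(events: List[Event]) -> Dict[str, List[Event]]:
    """Walk events in order and attribute each to the report's signature categories."""
    hits: Dict[str, List[Event]] = {sig: [] for sig in SIGNATURES}
    dropped: Set[str] = set()  # paths written earlier in this trace
    for ev in events:
        t = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(t)
            if STARTUP_MARKER in t:
                hits[SIGNATURES[0]].append(ev)
        elif ev.kind == "image_load":
            # Only a DLL this trace itself created counts as a dropped DLL.
            if t.endswith(".dll") and t in dropped:
                hits[SIGNATURES[1]].append(ev)
        elif ev.kind == "file_read":
            if any(m in t for m in WALLET_MARKERS):
                hits[SIGNATURES[2]].append(ev)
        elif ev.kind in ("dns", "http"):
            host = hostname_of(ev)
            if host in HOSTING_HOSTS:
                hits[SIGNATURES[3]].append(ev)
            if host in IP_LOOKUP_HOSTS:
                hits[SIGNATURES[4]].append(ev)
    return hits


def summarize(hits: Dict[str, List[Event]]) -> Dict[str, int]:
    """Hit count per signature, zero-filled so categories with no evidence stay visible."""
    return {sig: len(evs) for sig, evs in hits.items()}


# Constructed trace standing in for a sandbox run; not real telemetry from the report.
SAMPLE_EVENTS = [
    Event("file_write", "Matheus_Xits.exe", "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"),
    Event("image_load", "Matheus_Xits.exe", "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"),
    Event("image_load", "Matheus_Xits.exe", "C:\\Windows\\System32\\kernel32.dll"),
    Event("file_write", "Matheus_Xits.exe",
          "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe"),
    Event("file_read", "Matheus_Xits.exe", "C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"),
    Event("http", "Matheus_Xits.exe", "https://api.ipify.org/?format=json"),
    Event("dns", "Matheus_Xits.exe", "cdn.discordapp.com"),
    Event("http", "Matheus_Xits.exe", "https://example.com/"),
]

if __name__ == "__main__":
    for sig, n in summarize(triage(SAMPLE_EVENTS)).items():
        print(f"{n}  {sig}")
```

On the constructed trace each of the five signatures fires exactly once, while the `kernel32.dll` load and the `example.com` request are correctly ignored. The hostname sets are the weakest part of any such rule: a hosting service used for C2 is by definition a legitimate domain, so these hits are a prompt to look at the full URL and the process that made the request, not a verdict on their own.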