General
Target: Exoticexternal.zip
Size: 17.0MB
Sample: 240423-zp53yabh34
MD5: 0542d292f8c112539c4c16d28d58b768
SHA1: 3f9563d3e0b9978005b811c5bf1eb20535e59f52
SHA256: 0d5b9bd6e51cae5e7886a68238645e8e994892b01abe68c1e855365606a061f6
SHA512: 88dd6cf6ec6ef8589038c09b103539eae988d12126056ec5fffc1f693e2dee558fd48fa3b2ff8a59df4d8e7032293087251deb98db2f48bfebd1c12fac6cde7c
SSDEEP: 393216:cX51Oafe10ZAlyk143gUOrTFXoQKRObP1AReA0JK:cpsaf40W314QUqpo3Ri2RedK
Behavioral tasks
behavioral1: Sample Exoticexternal.zip, Resource win7-20240221-en
behavioral2: Sample Exoticexternal.zip, Resource win10v2004-20240412-en
behavioral3: Sample Exotic.exe, Resource win7-20240221-en
behavioral4: Sample Exotic.exe, Resource win10v2004-20240412-en
behavioral5: Sample creal.pyc, Resource win7-20240221-en
behavioral6: Sample creal.pyc, Resource win10v2004-20240226-en
Malware Config
Targets
Target: Exoticexternal.zip (size and hashes as listed under General above)
Score: 1/10

Target: Exotic.exe
Size: 17.2MB
MD5: b45e397ad6ada395d8de4151911dd1a6
SHA1: c3b3484953c0e2ac60dad617591b6357aacca1d7
SHA256: bf349655aa3cc9bd627892d0a224af252bb6da707455474248d44876d14a1976
SHA512: d5f042215d1d433ab8d05878cfb3e61b413a6892f9f1d5339f67051ee85dbba16e828f71e27fde097c4c2b3ed5c999931285d88a487471fe1bcc824e3960f38d
SSDEEP: 393216:CEkZQpP8AxYDwdQuslSl99oWOv+9fgd62ts4ev3h:ChQSXsdQu9DorvSYd6asPh
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: creal.pyc
Size: 39KB
MD5: 0565484c3d4160c0c43cdf819645fb2d
SHA1: 9d8c87f60aed4e828ee4bc2692b5379a1c284237
SHA256: 4ff92e8da1372d22060e5223cf7b316d96bcbe09264174f5486168368001d9c2
SHA512: 19130ee88139135734941c743156a8401f80881b5e8fc857347a2019249c213cd8eb1d8a52e5cf0b890f0a52b2c080d7e9fe3bde3a88c3778ddf07ae41fc82ea
SSDEEP: 768:CDP7bnrv7lFrAgArVxsy1qS7hH4aArxgkIdt3FZa2VbJgjFiYCuKABNHrbRH/iYb:M7brv3wxsKHYxg33FZaQV0FiYCuK4NnZ
Score: 3/10