General
-
Target
spoofer.rar
-
Size
5.8MB
-
Sample
240427-k28bhaga3z
-
MD5
e557338a66e1cbdae8ef7177ee6ac564
-
SHA1
1a38301126a19fc35a398325a3e78bdd295d1b00
-
SHA256
d33fe2a172d41b4411ae08c0a77769146bc3d36cb07befb0b25b3b39ffe981c9
-
SHA512
5384c36328e156fe8cd466c59871b5f6daf1e14fb7bea06f6bab76d8b5e5ff8016a2b8ca1cdcc687aac985d29b7fc9a081b5dee43d8606300d27edd611872229
-
SSDEEP
98304:Omc5D2BrJIUBuVJrOIue+W4g4JVXWIIWKUN8AMoiz3arksoAREYAoc60Pq66y:42pnex43/WCwoibeks7REYAot0D
Behavioral task
behavioral1
Sample
spoofer.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
spoofer.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
spoofer.exe
Resource
win11-20240419-en
Malware Config
Targets
-
Target
spoofer.exe
-
Size
6.0MB
-
MD5
51404c7e914f379cf9422e723dcf8394
-
SHA1
45f42f018d0b63cf6a759164e047e3688a6bcdf3
-
SHA256
8c64138979cd1fa9f3e8b85750f4d664a58749486d6d40ef5f67a48d3deed612
-
SHA512
7aa21406843915b4c4ca77d228a0ad625fc8a33b7793a9894aeb63511188f014f817357a1b011b7908140a34ed96d8fcb4902f6ada84dac36d9c4de3a2000a4b
-
SSDEEP
98304:HraPEtdFBg3zamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4ROBMDm238I2:Hra+FHeN/FJMIDJf0gsAGK4ROuDh2
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-