General
Target: NeverloseCrackedBykL.exe
Size: 8.2MB
Sample: 240428-p5yzfsgf9t
MD5: 534b6fa0aa29c69569dc8fff7b2320b4
SHA1: 0f3d05bad5eb3241f6cdcda5a3eba627566b5587
SHA256: 79d5e59e9d29ed290108dd209b3f94cd52ffcdebf7b9d22e6ced41d97c36c52b
SHA512: d1291abfdebf7329c1cd98bb5edd4610e2ff8fb844bc19f64b0842dc3584ec77e0a4930063e480c68213f349848a766f82ffd658a481de58b12aaeeaf25ca2ef
SSDEEP: 196608:UrOrYOp6XOshoKMuIkhVastRL5Di3u4CTQ1D7Jz:bYOpOOshouIkPftRL54BRJz
Behavioral task: behavioral1
Sample: NeverloseCrackedBykL.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: NeverloseCrackedBykL.exe
Resource: win11-20240426-en

Behavioral task: behavioral3
Sample: �7�F��.pyc
Resource: win10v2004-20240226-en

Behavioral task: behavioral4
Sample: �7�F��.pyc
Resource: win11-20240426-en
Malware Config
Targets
Target: NeverloseCrackedBykL.exe
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: �7�F��.pyc
Size: 1KB
MD5: b73d5a8ab64d052eccb12f27be64b398
SHA1: 0f1ce2c0e1beb3221c3436fb6185c7888f087b10
SHA256: aae6f9d4a7a57265ecf6d659b24c179c803bca15318a273b892f998f48bae080
SHA512: 93fbd51ec919ee66970ba6eef1031aa510c60b8a86d873a43438ff71ad3b714aa941550834c2b6d7e178996436b9d10631895fa0a1d1dfb186b41892e6fcf7f6
Score: 1/10