General
- Target: Aloha.exe
- Size: 7.0MB
- Sample: 240428-wrrfsadg5w
- MD5: 217c7388ec3f870ce02a460e3c6ff37d
- SHA1: e793f716ae253b23f26e608d43dd98322f8d67cb
- SHA256: d10987ef9b18add85d5ea975f9dbd87c3999940f3c804310dd3e23552375fdf9
- SHA512: 86d03dfaa54a19d11fb7338906a2fef2a2e2d23ce4e810033612e8ec0601a7fa06ae7cd6a8ee10a66e0ac81a07e2b419077345bcc02cce1bef0884af81853ec8
- SSDEEP: 98304:uJzHqdVfB2GyuT/9vUIdD9C+z3zO917vOTh+ezsNhx5S2zh/hQqOHziOJYPpAu3:ulQsGbT/9bvLz3S1bA329OqOmHPGu3A
Malware Config
Targets
- Target: Aloha.exe
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.