General
- Target: PcCheck.exe
- Size: 16.1MB
- Sample: 240428-zbswfsgg8t
- MD5: b55e40f5c24dbc2a72968ac94bfe057f
- SHA1: 41ca6341f4eee213007447e1b307219a0c37a8e2
- SHA256: 9d00d2092bdac1a3312e25a63b7d9bb86f18915b943ead86b638deb2c220d682
- SHA512: 7a9beb82b14d2d4b830f74e07bd94f715251ff05d0cf6fa3b1cbed92b027693d6cc9ee488a8ef867058fa66d499ca603a47e4b0d4552f5496c4e18582415d3f2
- SSDEEP: 393216:fEkg2716P8AxYD3W+eGQRg93iObLRS/MLQrj3IokpRvs:fnZXTW+e5R49nR9cX9CN
Malware Config
Targets
- Target: PcCheck.exe (16.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.