General
Target: spoofer.rar
Size: 16.2MB
Sample: 240508-3em16add5v
MD5: 327b05c4b5a1d15cd7f71caf50cf66f8
SHA1: 9a34bec7fbf2cb0c919c80d8f3d6272250023dcd
SHA256: 5f91548b380d6146cbe7d226432942a0e29ec255b631da6e53b2d7c4e7b0dff8
SHA512: 7763f238325d82f7b39e5a9a03a230cff21783c1f789e412eaa8f4afb382193b70ee738e21463fc29fff96cebf446ce5c01ffde94478128cb42ce393be0c3aee
SSDEEP: 393216:WpfBkQhYgJvNDAF0N96I82AfO4GZrYlYOp698Cd0:WPygvqPIOOTrok9+

Behavioral tasks
behavioral1: Sample spoofer.exe, Resource win10-20240404-en
behavioral2: Sample spoofer.exe, Resource win10v2004-20240426-en
behavioral3: Sample creal.pyc, Resource win10-20240404-en
behavioral4: Sample creal.pyc, Resource win10v2004-20240508-en

Malware Config
Targets

Target: spoofer.exe
Size: 16.6MB
MD5: aaae9af892545b725f17b2234817fccc
SHA1: 2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5
SHA256: 53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352
SHA512: 864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708
SSDEEP: 393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: creal.pyc
Size: 64KB
MD5: d8cd9403e6a921255a8445ff764c5462
SHA1: ffb521167871584ede34ad1d58d4c271fe7d2efc
SHA256: 1bb6a413a556047809939bffaacb98796d1f94645d7341d8afe4bb0262e3f0bc
SHA512: 81c714a00e5d89aec7da216181b25ca7d71e606792e8aa18af837c083c070d40f42843ef2ede8a214a26840be60c90b292770a1c56f3fdbc6276d2d7217a467f
SSDEEP: 1536:7Tr7e+0Ql9pObo8BHWftXASFW08VgeOR2es:7TLYbo8B2VXASNMgeORk

Score: 3/10