General
- Target: cc_generator.exe
- Size: 6.9MB
- Sample: 240511-29x9yadf3y
- MD5: d0ca6d5d4fe5fa540867ab50fd240f1b
- SHA1: 39708fe9d8deb122e0b02d358628d55a074ed598
- SHA256: bfb2a0bbaf0fc6355cfce8f94a4b675d33734b31ed41a2d0d242d462ce487490
- SHA512: 9bb04a3942c04ca69e1cd7acad75faf61ec921b74a5517b7ecc6be587cc1fe3889d37f50f8e7e95053d7fed5ff99f86dcbc8fc6b39c6396c52fdc7d444c94233
- SSDEEP: 196608:NrNz0YCeNTfm/pf+xk4dWRGtrbWOjgWyM:3Ny/pWu4kRGtrbvMWyM
Behavioral task
- behavioral1
- Sample: cc_generator.exe
- Resource: win7-20240221-en
Targets
- Target: cc_generator.exe
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.