General

- Target: CONSCIOUSexternal_v1.3.exe
- Size: 16.3MB
- Sample: 240511-jbk8lsgc92
- MD5: 813671f7eb0d43da9d4d41e4b7452135
- SHA1: bbc114df0ef4aac22d30f256c328ce7026274cdb
- SHA256: 5801792fac28dd7c901f4dea7a77b7a81697a7dbcf4f324dbe5bc3d44664fa8e
- SHA512: 4c9d21be2a02397ed2264b24eac2f0344ac1ab45a84ea3bbb7b2035f8307a987ee082d93ac5fc97360911e1032ae5439425908f5f1e6068a70b7e466849f5f16
- SSDEEP: 393216:X4wEkcqc4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lnDE0PKksbtKo:X4wkz4bX71QtI6a8DZcIlDskwKo
Malware Config
Targets

- Target: CONSCIOUSexternal_v1.3.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.