General
-
Target
freedom-patch-128122.exe
-
Size
4.8MB
-
Sample
240515-ntlz3sff3y
-
MD5
8f24135b82683e2213db30adc4fb896d
-
SHA1
593748ef90830147919164f089af67dccdae19d4
-
SHA256
dad5ddd145ca40d72c91e6eb6a498ca077f1023057fa5dcbd9a1effbd6c78d54
-
SHA512
9c82a7dc4757d03f0781bdf43ae8814a8e401e9a391fbf19dc53e79c89bbdd1d153e04824dac234acd4a47455ad8fe2ccd73ecbf56c769dfebcef5468aa5ab7b
-
SSDEEP
98304:Zn927L7OUktystJR0rh+M7TaIDSa0817mZsJ/BpF+WBP1gEtJ:Zn9kfOUkostJRG+M7WIi8RmqF7Bd
Behavioral task
behavioral1
Sample
freedom-patch-128122.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
freedom-patch-128122.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
freedom-patch-128122.exe
-
Score
10/10
-
Detects PlanetStealer
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-