General
-
Target
CCB-Importxlsx.exe
-
Size
13.1MB
-
Sample
240516-wvvmlshe32
-
MD5
ab740bc551a267cf931f53ef0bff682d
-
SHA1
ffe4b31735ca554a18421952b8b851e98118db10
-
SHA256
759d59a9d5473c2c36677c2c98e56100c3fa1e78180ca50cb77fd723ef804cd2
-
SHA512
a105edcbcae676ec96f65963786be56114adbc81b494e7740d0277540fd89016a6956a98c8020ee819350e413081d47b22599a3da8c69d5ad28aa2a382d28b57
-
SSDEEP
393216:OEkiQdqRdQJluIF3MnG3/l5L4+upm2uXi76LLbIg:OaqKdQt3MGzM+Z9LM
Behavioral task
behavioral1
Sample
CCB-Importxlsx.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
CCB-Importxlsx.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
CCB-Importxlsx.exe
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-