General

Target: 946cad81db1d7f061cced089ccda7fc4fa2fca82e62e940348682da4cca3d24a.exe
Size: 5.9MB
Sample: 240522-cfd7jaha2x
MD5: 82783812e82bd062967d473332b45f93
SHA1: c7f991ed9a50a837e19c26fa3ef45ad24228495b
SHA256: 946cad81db1d7f061cced089ccda7fc4fa2fca82e62e940348682da4cca3d24a
SHA512: 459b03f4f0342422144c08e81a9ee3c6940b4c894b7b5c7f42e37bd9fae81ba1015999574ab3a554a81466e7569d3e81aee11afc1d8f9bfcb9d3c5d6ee7d9c94
SSDEEP: 98304:0rTzvMhjdOUei65sn6Wfz7pnxCMJk1JTxuZ3zEgyOFRyn26iI2kr2b4pnjZpbR:0rTY0DOYMJeJT44xn26T2CHnNVR
Behavioral task: behavioral1
Sample: 946cad81db1d7f061cced089ccda7fc4fa2fca82e62e940348682da4cca3d24a.exe
Resource: win7-20240419-en
Malware Config

Targets

Target: 946cad81db1d7f061cced089ccda7fc4fa2fca82e62e940348682da4cca3d24a.exe
Size: 5.9MB
MD5: 82783812e82bd062967d473332b45f93
SHA1: c7f991ed9a50a837e19c26fa3ef45ad24228495b
SHA256: 946cad81db1d7f061cced089ccda7fc4fa2fca82e62e940348682da4cca3d24a
SHA512: 459b03f4f0342422144c08e81a9ee3c6940b4c894b7b5c7f42e37bd9fae81ba1015999574ab3a554a81466e7569d3e81aee11afc1d8f9bfcb9d3c5d6ee7d9c94
SSDEEP: 98304:0rTzvMhjdOUei65sn6Wfz7pnxCMJk1JTxuZ3zEgyOFRyn26iI2kr2b4pnjZpbR:0rTY0DOYMJeJT44xn26T2CHnNVR
Signatures

- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
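The behaviours in the signature list map onto host telemetry that a detection engineer can check directly. The Python below is an added example and not part of the sandbox report: it runs rules for five of the listed behaviours (Defender exclusions added via Add-MpPreference/Set-MpPreference, a file dropped under the Drivers directory, execution of a dropped EXE, loading of a dropped DLL, and a DNS query to an IP-lookup service) over constructed Sysmon-style and PowerShell script-block events. The event field names, the dropped-file tracking and the watch-list of IP-lookup domains are this example's assumptions; the report does not name the service that was queried. The wallet-access and legitimate-hosting signatures are not modelled, because the page gives no wallet paths or hosting domains to match on.

```python
import json
import re
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

# Assumed watch-list of public IP-lookup services. The report says only that a
# legitimate IP lookup service was queried; it does not name one.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me", "ipinfo.io"}

# Add-MpPreference / Set-MpPreference with the three exclusion parameters the
# PowerShell signature describes (path, extension, process).
MP_PREFERENCE_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
EXCLUSION_PARAM_RE = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)


def scan_events(events: Iterable[Dict]) -> List[Tuple[str, str]]:
    """Return (signature, detail) pairs for the report's behaviours.

    Events are dicts shaped after Sysmon (event_id 1, 7, 11, 22) and PowerShell
    script-block logging (4104); the field names are this example's own.
    Paths written by FileCreate events are remembered so that a later
    ProcessCreate or ImageLoad of one of them fires the dropped-EXE/DLL rules.
    """
    dropped: Set[str] = set()
    findings: List[Tuple[str, str]] = []
    for ev in events:
        eid = ev["event_id"]
        if eid == 11:  # Sysmon FileCreate
            path = ev["target_filename"]
            dropped.add(path.lower())
            if DRIVERS_DIR_RE.search(path):
                findings.append(("drops_file_in_drivers_directory", path))
        elif eid == 1:  # Sysmon ProcessCreate
            if ev["image"].lower() in dropped:
                findings.append(("executes_dropped_exe", ev["image"]))
        elif eid == 7:  # Sysmon ImageLoad
            if ev["image_loaded"].lower() in dropped:
                findings.append(("loads_dropped_dll", ev["image_loaded"]))
        elif eid == 4104:  # PowerShell script block
            block = ev["script_block"]
            if MP_PREFERENCE_RE.search(block):
                for kind in EXCLUSION_PARAM_RE.findall(block):
                    findings.append(("defender_exclusion_added", "Exclusion" + kind))
        elif eid == 22:  # Sysmon DnsQuery
            name = ev["query_name"].lower()
            if name in IP_LOOKUP_DOMAINS:
                findings.append(("external_ip_lookup", name))
    return findings


def scan_jsonl(text: str) -> List[Tuple[str, str]]:
    """Parse one JSON event per line and run scan_events over them."""
    return scan_events(json.loads(line) for line in text.splitlines() if line.strip())


def signature_counts(text: str) -> Dict[str, int]:
    """How many times each signature fired, keyed by signature name."""
    return dict(Counter(sig for sig, _ in scan_jsonl(text)))


# Constructed telemetry, not taken from the sandbox run, that reproduces the
# sequence the report lists: drop, exclude, execute, load, then look up the IP.
SAMPLE_LOG = r"""
{"event_id": 11, "process": "sample.exe", "target_filename": "C:\\Users\\Public\\svc.exe"}
{"event_id": 11, "process": "sample.exe", "target_filename": "C:\\Users\\Public\\helper.dll"}
{"event_id": 11, "process": "sample.exe", "target_filename": "C:\\Windows\\System32\\drivers\\wd.sys"}
{"event_id": 4104, "process": "powershell.exe", "script_block": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension '.exe' -ExclusionProcess 'svc.exe'"}
{"event_id": 4104, "process": "powershell.exe", "script_block": "Get-MpPreference | Select-Object ExclusionPath"}
{"event_id": 1, "process": "sample.exe", "image": "C:\\Users\\Public\\svc.exe"}
{"event_id": 1, "process": "explorer.exe", "image": "C:\\Windows\\System32\\notepad.exe"}
{"event_id": 7, "process": "svc.exe", "image_loaded": "C:\\Users\\Public\\helper.dll"}
{"event_id": 22, "process": "svc.exe", "query_name": "api.ipify.org"}
{"event_id": 22, "process": "svc.exe", "query_name": "www.microsoft.com"}
"""

if __name__ == "__main__":
    for sig, detail in scan_jsonl(SAMPLE_LOG):
        print(f"{sig:34s} {detail}")
    print(signature_counts(SAMPLE_LOG))
```

The read-only Get-MpPreference call and the ProcessCreate of notepad.exe are included as negatives: the exclusion rule keys on the cmdlets that write Defender preferences, and the dropped-EXE and dropped-DLL rules only fire for a path that an earlier FileCreate event wrote, which is what distinguishes a dropped payload from ordinary system binaries.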