bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba | Triage

Sharing

General

Target

bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba.exe
Size

4.9MB
Sample

240522-cqxfvshb58
MD5

d9a7d15ae1511095bc12d4faa9be6f70
SHA1

b90fbb35eb6dd050e4829ecac702feab90f58859
SHA256

bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba
SHA512

f913e5bbb998ad8a391ea99c6d045081da5af128b9391c3a0249ec4eeb9a504be796b3315e7c5b4bae825b7629527719a845a974f4eba37bd0233b86e5483e25
SSDEEP

98304:NllmCKfheKnF4Gnuyjscn9GtGOqHLixnkmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNX:NllmCKfY2uWUMBHLi6mb0ZKH4lODcxSL

Score

10^/10

spyware

Malware Config

Targets

- Target
  
  bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba.exe
- Size
  
  4.9MB
- MD5
  
  d9a7d15ae1511095bc12d4faa9be6f70
- SHA1
  
  b90fbb35eb6dd050e4829ecac702feab90f58859
- SHA256
  
  bdc61e24b03db5dbdeaf7979906ea51f0bfe388b41d8e7e80bde6d9acd716bba
- SHA512
  
  f913e5bbb998ad8a391ea99c6d045081da5af128b9391c3a0249ec4eeb9a504be796b3315e7c5b4bae825b7629527719a845a974f4eba37bd0233b86e5483e25
- SSDEEP
  
  98304:NllmCKfheKnF4Gnuyjscn9GtGOqHLixnkmb0ZKH4lODcxSgo5Gn8WuMRIn+N3gNX:NllmCKfY2uWUMBHLi6mb0ZKH4lODcxSL
Score

9^/10

spyware
- Detects executables packed with Dotfuscator
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2