General
-
Target
FIVEMREDENGINE.exe
-
Size
17.7MB
-
Sample
240522-l1995sbd4z
-
MD5
5d910e8a042dc45d5c9f138dfd9ffcfd
-
SHA1
3cf6822ba1207b2861efc05eac129b2fdec98be2
-
SHA256
820116facc6cab4c532c8b898316431867d243975ea994084157cea550505cd7
-
SHA512
afffc0a961aff721f36617a9e667b0b2e7b904b4ce8a67eb1b41739323f3f7a21aa5145a9142d0cf04f86df589e2ec814a9d7929bb38278847bf4a4cb397bc1e
-
SSDEEP
393216:Yxfz1FeREWudQuslN/m3pvfrAZYCuPJOmuSeg0WBJHr75QPjMKIISexp5PC:YxjeRidQu4KvMJuxdfz00qrMKjSexp5C
Malware Config
Targets
-
-
Target
FIVEMREDENGINE.exe
-
Size
17.7MB
-
MD5
5d910e8a042dc45d5c9f138dfd9ffcfd
-
SHA1
3cf6822ba1207b2861efc05eac129b2fdec98be2
-
SHA256
820116facc6cab4c532c8b898316431867d243975ea994084157cea550505cd7
-
SHA512
afffc0a961aff721f36617a9e667b0b2e7b904b4ce8a67eb1b41739323f3f7a21aa5145a9142d0cf04f86df589e2ec814a9d7929bb38278847bf4a4cb397bc1e
-
SSDEEP
393216:Yxfz1FeREWudQuslN/m3pvfrAZYCuPJOmuSeg0WBJHr75QPjMKIISexp5PC:YxjeRidQu4KvMJuxdfz00qrMKjSexp5C
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-