General

Target: spoofer.exe
Size: 10.4MB
Sample: 240522-l2gdfsbd5w
MD5: 9e26b41b93cf8862c39ea4c1b8e49f6d
SHA1: 3b43b7acf73e98586403b841d92d5ba95c720774
SHA256: 7a06f8605ac9da86fa2f268bcb9edac6679fd52ee351214dddcf61ad8f1effc0
SHA512: 02954edea0595da5fb17424216b86803d0d50b4994819576c416e28cda064751c6b5d7244f478b051e9ea5f1834cafc6e09f9b7781cccc3d694cb16ef203865e
SSDEEP: 196608:Ph4D+EkfPs1qBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfQqhQRH2ViVtKh:1Ekftq1+TtIiFUY9Z8D8Ccldl4qeXVt4
Malware Config

Targets

Target: spoofer.exe (10.4MB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.