General
Target: s1lence.exe
Size: 7.4MB
Sample: 240523-az6d1sfa6x
MD5: 668d1db9a3a70c9ecf654475f3369485
SHA1: 31819dd4a5948424b3aac16e99ded3839ad7a8c1
SHA256: 379d24f9014f75bb932c77c65f7d9508d456cba86ec45b22c542a035626140d1
SHA512: a2bf16b8b092326372152758d1485893aa578540fa5997041a60e03a1f527ee8cf3a38221deecb9a0d1d27561c75948241a0e08c9270a924cd3b9cb4744306e6
SSDEEP: 196608:RrCO0cDeKG4+Ljv+bhqNVoBKUh8mz4Iv9Plu1D7AL:0ieT4CL+9qz8/b4IzuRAL
Behavioral tasks
behavioral1: sample s1lence.exe, resource win7-20240215-en
behavioral2: sample s1lence.exe, resource win10v2004-20240508-en
behavioral3: sample ?�ӂ�S�.pyc, resource win7-20240221-en
behavioral4: sample ?�ӂ�S�.pyc, resource win10v2004-20240508-en
Malware Config
Targets

Target: s1lence.exe
Size: 7.4MB
MD5: 668d1db9a3a70c9ecf654475f3369485
SHA1: 31819dd4a5948424b3aac16e99ded3839ad7a8c1
SHA256: 379d24f9014f75bb932c77c65f7d9508d456cba86ec45b22c542a035626140d1
SHA512: a2bf16b8b092326372152758d1485893aa578540fa5997041a60e03a1f527ee8cf3a38221deecb9a0d1d27561c75948241a0e08c9270a924cd3b9cb4744306e6
SSDEEP: 196608:RrCO0cDeKG4+Ljv+bhqNVoBKUh8mz4Iv9Plu1D7AL:0ieT4CL+9qz8/b4IzuRAL

Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Target: ?�ӂ�S�.pyc
Size: 1KB
MD5: a19c3251c267c2fa03e28951ee280115
SHA1: 6c47279bad66304df5b4904d9602fbb22122dcfa
SHA256: 41852f56635c6aa2bda7e00a7872a90399b97eff58307189799dd2dd4cf71d82
SHA512: 58ff90504fd53a58a5e31010baa754778d2718a007cc8e202e1dc0ea23e2d752c28f19e922ae764ba8674f5e8a49900395f8dd36f93eb025155e6cd5f4e23717
Score: 1/10