General
-
Target
System.exe
-
Size
7.4MB
-
Sample
240524-rznyeahf99
-
MD5
96a0c26a95c071ce8699b886ad5155e6
-
SHA1
d26c1db26de94b68aa2aeb77907830af94c604c4
-
SHA256
47c02e1c2a2762144d0437444bba0f7a867c58dd64078e026a6594b236422b58
-
SHA512
aa854bd65a5091d62957e312dbdf72a26d9d20d23fdd37f842ba84b22b51940be92f573a0416e1c1eefc3bb75e9e73b37d4d455ca4ef5dd6a260a381702e29a1
-
SSDEEP
196608:Treh0cDeLLjv+bhqNVoBKUh8mz4Iv9Plu1D7A+:hievL+9qz8/b4IzuRA+
Behavioral task
behavioral1
Sample
System.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
System.exe
-
Size
7.4MB
-
MD5
96a0c26a95c071ce8699b886ad5155e6
-
SHA1
d26c1db26de94b68aa2aeb77907830af94c604c4
-
SHA256
47c02e1c2a2762144d0437444bba0f7a867c58dd64078e026a6594b236422b58
-
SHA512
aa854bd65a5091d62957e312dbdf72a26d9d20d23fdd37f842ba84b22b51940be92f573a0416e1c1eefc3bb75e9e73b37d4d455ca4ef5dd6a260a381702e29a1
-
SSDEEP
196608:Treh0cDeLLjv+bhqNVoBKUh8mz4Iv9Plu1D7A+:hievL+9qz8/b4IzuRA+
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-