General
Target: UPGRADER.exe
Size: 6.9MB
Sample: 240524-shcdqaad73
MD5: 94e23cdd6b08b5676c3a26ec85236966
SHA1: 02af1dc4444df4ccd2d9c44ad0e5bdb5ca7ac5fe
SHA256: bf1bf24d9ea04f41a0d819cf26ea74c1a2d13395dc85860e8945d20e11d2158a
SHA512: fed3b600d45bf8447b335eecb3c8bd1e8ac33bf8efb3e4ec5a2d804e6f2fc615d90894625c0320b79113a77248d597a1923eb3b09f2109ada44ce0e0b547c181
SSDEEP: 196608:grGT0cKeNTfm/pf+xk4dWRGtrbWOjgWy4:Ry/pWu4kRGtrbvMWy4
Behavioral task: behavioral1
Sample: UPGRADER.exe
Resource: win7-20240215-en
Malware Config
Targets
Target: UPGRADER.exe
Size: 6.9MB
MD5: 94e23cdd6b08b5676c3a26ec85236966
SHA1: 02af1dc4444df4ccd2d9c44ad0e5bdb5ca7ac5fe
SHA256: bf1bf24d9ea04f41a0d819cf26ea74c1a2d13395dc85860e8945d20e11d2158a
SHA512: fed3b600d45bf8447b335eecb3c8bd1e8ac33bf8efb3e4ec5a2d804e6f2fc615d90894625c0320b79113a77248d597a1923eb3b09f2109ada44ce0e0b547c181
SSDEEP: 196608:grGT0cKeNTfm/pf+xk4dWRGtrbWOjgWy4:Ry/pWu4kRGtrbvMWy4
Signatures
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.