General

Target: KEtamineV2.exe
Size: 10.2MB
Sample: 240525-x97fdsga62
MD5: c5a1640414856e85667460c0505f3407
SHA1: c0864e40a12ed6f45f9fb6731654a0e9285a8bec
SHA256: 9d70292d24d388691e1d0a8df29be1d1cc15317922494f5498c32353b9c01bd3
SHA512: ebcc962a6653be0a0646bdeab56c695f5936f0950b88bd466eb97590b83cbed59bf528f16fff24b79faf5cc32373335e86a1a6b517a8c51e5a8fc8ce5457cffb
SSDEEP: 196608:5hoKHEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfEGQfk4oXKh:XEkfc4q1+TtIiFUY9Z8D8CcldlsNyXKh
Behavioral tasks

behavioral1: KEtamineV2.exe on win10-20240404-en
behavioral2: KEtamineV2.exe on win10v2004-20240508-en
behavioral3: KEtamineV2.exe on win11-20240508-en
behavioral4: cstealer.pyc on win10-20240404-en
behavioral5: cstealer.pyc on win10v2004-20240508-en
behavioral6: cstealer.pyc on win11-20240426-en
Malware Config

Targets

Target: KEtamineV2.exe
Size: 10.2MB
MD5: c5a1640414856e85667460c0505f3407
SHA1: c0864e40a12ed6f45f9fb6731654a0e9285a8bec
SHA256: 9d70292d24d388691e1d0a8df29be1d1cc15317922494f5498c32353b9c01bd3
SHA512: ebcc962a6653be0a0646bdeab56c695f5936f0950b88bd466eb97590b83cbed59bf528f16fff24b79faf5cc32373335e86a1a6b517a8c51e5a8fc8ce5457cffb
SSDEEP: 196608:5hoKHEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfEGQfk4oXKh:XEkfc4q1+TtIiFUY9Z8D8CcldlsNyXKh

Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: cstealer.pyc
Size: 67KB
MD5: be2e2102253d18056ee313be704aa68c
SHA1: b6b10afc11bd8e5342ddd7226d57c04c35bc7859
SHA256: 9fe66fcd864ed23290d48d9c0c712c6bd6cc1e8606837c3c4daed8e1a8e1deec
SHA512: 5c62522917b984e552a5e4a6ab51ec648c47521c204a0015e10ebeb4bc40126b24908d95cee633b03917d87d6f034f851d4641d544cc0e760d128d6c51de9cb8
SSDEEP: 1536:l0xqOgVxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqC/+bo88PiXX0r+LRP

Score: 3/10