General

Target: geekcatpingreducer.rar
Size: 7.3MB
Sample: 240526-235ensgd38
MD5: 1b96562a7c2d928d64cf9d0be827d1f0
SHA1: cf4cf037a15e07a54756f42c5cc016be5b294fb1
SHA256: ae03008ff5951f70aaac1dc39b90cf0b3ce5b5e47d646358ab22c6885a8ce683
SHA512: acd1f8712a515a262cd44ae3c0f848d68fd07bd888617f6bb4a36835980435391006df9ff175e1eddc17f96646df3e1f5c6e7ed80e03ef635299acd9f2155dc4
SSDEEP: 196608:5giA4i1xM0WIwaLCeowJUyux6gFNWgRobvfDZJ:Cki1WCLCX8HskgmjZJ

Malware Config

Targets

Target: geekcatpingreducer.exe
Size: 7.5MB
MD5: f8c63eca8b26883c30d2240008b07150
SHA1: ccfe5cf24b93114ceb5eca37d9412d3d5c9abd51
SHA256: 1bbd2b8817ad1726c8bcc7a13611164010bf04f70527e0bc61c2e408c23330f4
SHA512: 8b8f31931bc58dbefbaf74ca6072cdc91993eb5bfc2a683725939e44d935a5af53bf61a1fcfba4b061c362ad51b9efc45adffb94344cbf3806595272848d7f70
SSDEEP: 196608:ar97YS6Kc5OshoKMuIkhVastRL5Di3uh1D7J9:CYS85OshouIkPftRL54YRJ9

- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.