e9c194df872c6e4089b4c496155bd85770399b48d424566ea24444b60b51b484

General

Target

fatedsky-1.exe
Size

100.0MB
Sample

240526-mvpxpagc73
MD5

0a497afc60a745a982122517c3fbff34
SHA1

1684d4104f5b584ffdfe84dddd6d9fa6be935e77
SHA256

e9c194df872c6e4089b4c496155bd85770399b48d424566ea24444b60b51b484
SHA512

5dedfda0f48b9448801ba019ed0312b9c3632055375ee4677d71b5ccfa837cb794a43a2d482c6c65c0ad4fe446b03025921380818a4a02a3699db4ea7f5839c4
SSDEEP

3145728:DIEoqVeDSsIrnRFgpqrIaJ92DvNNasN0e:DIb0eDSsinRFgpa5qcsme

Score

9^/10

Malware Config

Targets

- Target
  
  fatedsky-1.exe
- Size
  
  100.0MB
- MD5
  
  0a497afc60a745a982122517c3fbff34
- SHA1
  
  1684d4104f5b584ffdfe84dddd6d9fa6be935e77
- SHA256
  
  e9c194df872c6e4089b4c496155bd85770399b48d424566ea24444b60b51b484
- SHA512
  
  5dedfda0f48b9448801ba019ed0312b9c3632055375ee4677d71b5ccfa837cb794a43a2d482c6c65c0ad4fe446b03025921380818a4a02a3699db4ea7f5839c4
- SSDEEP
  
  3145728:DIEoqVeDSsIrnRFgpqrIaJ92DvNNasN0e:DIb0eDSsinRFgpa5qcsme
Score

9^/10

evasion execution persistence pyinstaller spyware stealer upx
- Enumerates VirtualBox DLL files
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2