General
Target: Dream Advanced.exe
Size: 16.2MB
Sample: 240527-as1j7aaf29
MD5: a0caa1a41ac394086e60e66c72238228
SHA1: 3f1cb07be45e0bd9041aafced97923b2b0dab380
SHA256: d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca
SHA512: 5c61053202d5f9b85f17b39e9b655151ca9f65f13d852f8ee21712e1a1e15f05cff2dd68c26453860b8779a22d721ee06ad1015237789a156c545f7913090589
SSDEEP: 393216:GEkcqc4UJWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6l91EfPKksbuKo:Gkz4UYQFS1QtI6a8DZcIlPzkBKo
Behavioral task
behavioral1
Sample: Dream Advanced.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: Dream Advanced.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.