General
-
Target
Evil_Clicker_-_V2.3.rar
-
Size
6.3MB
-
Sample
240527-bjd59sbg72
-
MD5
bcfd85efc0089831b8a486f485ec491d
-
SHA1
69901c7bcea1b720d638a2a94659b0015f2436cc
-
SHA256
719f171db28a450134885f2d94cd4ba99e2c7b02b805c7a3e086c1eb2c716131
-
SHA512
8ced7e61d6b40b633023f5563675ce8511a56f74de89590392e93282ff15f54757b0d6b45d59580d56c4800e2884581f9c2d2f19b17b46869b757bdb3ef4e4c1
-
SSDEEP
196608:sZdV/QuZSk/HqAb2LLUFXNIXLBq6QR2GbsWa:srVEk/Vb2LLIIXd02C5a
Behavioral tasks
behavioral1: Sample Evil_Clicker_-_V2.3.rar, Resource win7-20240215-en
behavioral2: Sample Evil_Clicker_-_V2.3.rar, Resource win10v2004-20240508-en
behavioral3: Sample Evil Clicker/EvilClicker.exe, Resource win7-20240221-en
behavioral4: Sample Evil Clicker/EvilClicker.exe, Resource win10v2004-20240508-en
behavioral5: Sample 0v����.pyc, Resource win7-20240215-en
behavioral6: Sample 0v����.pyc, Resource win10v2004-20240508-en
behavioral7: Sample Evil Clicker/LICENSE.txt, Resource win7-20240221-en
behavioral8: Sample Evil Clicker/LICENSE.txt, Resource win10v2004-20240226-en
behavioral9: Sample Evil Clicker/README.txt, Resource win7-20240508-en
behavioral10: Sample Evil Clicker/README.txt, Resource win10v2004-20240426-en
Malware Config
Targets
Target
Evil_Clicker_-_V2.3.rar
Score 7/10
Executes dropped EXE
Loads dropped DLL
Target
Evil Clicker/EvilClicker.exe
-
Size
6.5MB
-
MD5
8883035f1bcc3d1f2bdbe1f63939f169
-
SHA1
70e8a2e344c34b1c377f4f20a16d93b6c2f217c5
-
SHA256
1f320e63957226fc9f8100357bf6467b77c66e3e4827d44f9a4e66d60641522c
-
SHA512
f6211564267f9f86b10325ab6a7a1938063c72ce05c7e21e6a981f33f9b6502a3a68ba04f674d03767da493be8f10aa7d6b912e7753b49b515cd70bd9dfde72d
-
SSDEEP
196608:ar+BmDZeXRHvUWvozWOxu9kXwvdbDlA03NhnDetB8wZhUi6:fGcXRHdKbAlbZA03bDMBjb6
Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Drops file in Drivers directory
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
AutoIT Executable
  AutoIT scripts compiled to PE executables.
Target
0v����.pyc
-
Size
857B
-
MD5
8a7b17dd255040d2cf85e96a90f39db6
-
SHA1
1444e793280799282684021ace8ee7f16428fc79
-
SHA256
d3c7b09a9c4eea6a26affdfa0d343bbafbe19370053251da0b3adbc972dc29a1
-
SHA512
09c4ef3b25f8d2522d0c0e40242d19ca876f92f4407af37c56a1e86b3dd111c35ac437b2d3f84933fd6ce3b30ce8da924624a9ec110cedf31e0b6ca8e88194fe
Score 1/10
Target
Evil Clicker/LICENSE.txt
-
Size
1KB
-
MD5
4995262d8a89e5f8677934b588cd1356
-
SHA1
8b83809648d15eb79c8eb78d87e44979f563a417
-
SHA256
a725070d879017f5274f7d0de6a8190c1da95864d0a63c23d1f4f7407b98553e
-
SHA512
84a6dcd94ffb5ba6833ae74433c6f46821eaccece12afd7c483369a63066d0aeaa731ad009e921786bbeffa55930650c77062d62fd5eb7214d23882e8ef66fa2
Score 1/10
Target
Evil Clicker/README.txt
-
Size
179B
-
MD5
d538c8807004f3f4a9844c755ef38fc6
-
SHA1
0a2785864a2050147be4c9374973dbece8e32414
-
SHA256
d810a9cc32b5eaa7d0b0c6b1e5fe560df52a00653050ae91639e1484828f884d
-
SHA512
6a662ebf0918e9a17e60f788f6e1a37b04629fa7da3eb3e12602cc93c8e67902e6efe085274ae68f5229b5996ee7bd8325fefb63ce213a78fab2907b58ac053a
Score 1/10