General
- Target: MethodReveal.exe
- Size: 7.8MB
- Sample: 240527-ka3a6see65
- MD5: 7e7fb275ebc957cd3ed7d41b9e98fb7a
- SHA1: 901241ec731481ad3742ffc8fc2273887e86f067
- SHA256: aada5d2ccd000bee80fb654d3a29b0e9d12f0aef11ae2dda9db07ed6b92e8170
- SHA512: 0edd54467e4de8da0d5ae506f8165efce2e537aac801eec1a29f8dc94e163bc582763ee95925af754eabbd9091c81e6ed43d9080f53afd684d014b2a9f448a48
- SSDEEP: 98304:HRgzHqdVfB2T0S27wYpFyuT/9vUIdD9C+z3zO917vOTh+ezDNhCSpXq4JvmJ1nmB:H2QsTqpFbT/9bvLz3S1bA3zCSEpn97Yd
Malware Config
Targets
- Target: MethodReveal.exe (7.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies visibility of hidden/system files in Explorer
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory