General
-
Target
1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64
-
Size
6.9MB
-
Sample
240527-ygqgvafg31
-
MD5
bf18bb02b51874987a314cbee503f426
-
SHA1
0ff7983c47cc5e2ab803c9a357ddd1d234a3e278
-
SHA256
1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64
-
SHA512
c53eebaa430338f251a8c4833875257978bf247425c38789b87fd722376a3b1136985245f5ec7102d83b453c6de0586f9666c7c1bbc6a8e67aac1ae94374e2a9
-
SSDEEP
196608:Dr720XleNTfm/pf+xk4dWRGtrbWOjgWyb:Gy/pWu4kRGtrbvMWyb
Behavioral task
behavioral1
Sample
1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64
-
Size
6.9MB
-
MD5
bf18bb02b51874987a314cbee503f426
-
SHA1
0ff7983c47cc5e2ab803c9a357ddd1d234a3e278
-
SHA256
1306369409e20dca88c39130d79e38dd889df6c06591102be5d251fd4071ca64
-
SHA512
c53eebaa430338f251a8c4833875257978bf247425c38789b87fd722376a3b1136985245f5ec7102d83b453c6de0586f9666c7c1bbc6a8e67aac1ae94374e2a9
-
SSDEEP
196608:Dr720XleNTfm/pf+xk4dWRGtrbWOjgWyb:Gy/pWu4kRGtrbvMWyb
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-