General
Target: START IT.exe
Size: 20.0MB
Sample: 240528-fzgzbagh62
MD5: 312476739549378072868ac5b1e4ace9
SHA1: 1d39ab2a8ab555b19442da93890f29a31cabd391
SHA256: 895016aa995ac9b6c03eddcdbdfbacbb7d296e6d516f09996ec40c39164a1c9b
SHA512: 38a9076f03978fed4d5826f5a81c7903538eaa45a3b0e2bd08315602a1bd223fbb6f03edd83e7f077b63dc354c0e990a614577eec939b777ca8704b65a342717
SSDEEP: 98304:tR9+WCHTqi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeF99h3kAbLcW:tGrsDOYjJlpZstQoS9Hf12VKXSb3hy+
Behavioral task: behavioral1
Sample: START IT.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: START IT.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.