General
-
Target
Ethereal.exe
-
Size
11.1MB
-
Sample
240528-klen9adh94
-
MD5
378e476a483942485b9fc91c45a352f2
-
SHA1
54860021523e00f1dfc6bfb887a51c5b987ff56d
-
SHA256
9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a
-
SHA512
c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8
-
SSDEEP
196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV
Behavioral task
behavioral1
Sample
Ethereal.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Ethereal.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
cstealer.pyc
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
cstealer.pyc
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
Ethereal.exe
-
Size
11.1MB
-
MD5
378e476a483942485b9fc91c45a352f2
-
SHA1
54860021523e00f1dfc6bfb887a51c5b987ff56d
-
SHA256
9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a
-
SHA512
c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8
-
SSDEEP
196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
cstealer.pyc
-
Size
67KB
-
MD5
036d49d6b35dfb6f43e6ce66f6cb329b
-
SHA1
d5dd66bbb5edaac5576e640af3c04c938052577d
-
SHA256
85689213b1f1c5341f004a21795ed7ec063e1805d41dc7716fc5367ed6053943
-
SHA512
b86d6cc29691d46d625924b4528cd174bdf9f2060a82028c2a88baa0567796c40179566324b37006515c66698f441e89c17f561da8ea431970940f937ff8d7c9
-
SSDEEP
1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP
Score3/10 -