General
Target: Hamster_bot.zip
Size: 41.9MB
Sample: 240528-xt8crahe76
MD5: c1f6b3778981f9f78db7cd981834cdd6
SHA1: 88acec27ab77872472c2849cb38e603c7cfef8c3
SHA256: 1dae2f77f68cd904437938939b9f20e92bef43e54b0886a4b13efd8599d8e2c7
SHA512: 9c7f4aebfbfa9904c8ba339f247238d8dec2c03f61e757ca7fe1a9fa11a77feb82db5f3a9206e0fb8677627b3331e81a4b5c4a72572cf518765267aa0c3f87e3
SSDEEP: 786432:Xj5k57drXaMmPXikbH+Uus78+Xz0ngxWeI1Rl5GowHWQ1YvwZMcUVv1m:Xj5kNxaMtkbeUus7Nbgrl5GtKALUVvo
Malware Config
Extracted
Protocol: ftp
Host: 146.19.207.14
Port: 21
Username: anonymous
Password: anonymous@
Extracted
lumma
Targets
Target: Hamster Combat Bot.exe
Size: 6.0MB
MD5: e4b54540b9179f0e0a33c0f2ceda41f9
SHA1: 17188578cea65d937f53ad8613169ef9cf57d234
SHA256: b245e96d0038864a580de095bc6280d512482bf5f562737becf725f78220492b
SHA512: 9b08a555e194edb4cd5a536cf85aef9623bc8b9892bc2ccfb2e757593e86ecc66e884884aaf2ce5b2bf49ff866ad72656908d33c762a01737330e6c18ae2bc7f
SSDEEP: 196608:Lhj8W8xzimuukA7cfDCUWOWXSaioVAxUfcOd7:qcbmOWYoS2fFd
Executes dropped EXE
Suspicious use of SetThreadContext