General
-
Target
NovaRBX.exe
-
Size
11.0MB
-
Sample
240529-tyd3xsbe9w
-
MD5
fea0d725220c95cfcc57417b9b682284
-
SHA1
41261f9656756fb6fe024ad5f8000b346782764b
-
SHA256
be425c0983d8306b1fdeb3feef2ad6f1c4ffdc722070867f13635beb9bc5bc7e
-
SHA512
e96c4efdd643cbe2d1e9f4202b2029b80d0c538123ca8040f037f657ae8966a2a30c7dddde950d36716c3235460d0d50afa3cb54174d9d6ae6c12cda45e11b8f
-
SSDEEP
196608:Jsjmgg1PpGAjMGhuPD5U4YA1HeT39IigwCeE9TFa0Z8DOjCdylAM0QjZ/ko0k:Hgg1P8AxYDX1+TtIiFPY9Z8D8CclAOPv
Behavioral task
behavioral1
Sample
NovaRBX.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
NovaRBX.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
NovaRBX.exe
-
Score
8/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-