General
Target: main (2).exe
Size: 8.2MB
Sample: 240530-21rqssdb7w
MD5: 2ca7b3a2e88de7a3d96da4b3e5b5c0bf
SHA1: b50e1216a0b9cdb880f528841c0c56a1f4e3c9ab
SHA256: 80638ddd74709767676baa5d42a26fca00c16333594f847b0a837dd9bd661e70
SHA512: 7e5364f5b7ad87ca8ff09b29cd94dba3859d90ef517f13843912a6b455893ddae55ceb873c5d55383b5d38b9df3976482f212ac439b70dfa8073a0c57aaf4fd1
SSDEEP: 196608:brq4+IQQW1urErvI9pWjgaAnajMsbSEo2rGN6nzC+dMztKjxl:uyourEUWjJjIfGGNmytKjxl
Behavioral task
behavioral1
Sample: main (2).exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: main (2).exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.