General
Target: triggerbot.exe
Size: 6.3MB
Sample: 240530-v7crwsgd74
MD5: 61d00638dc9b675029fa77ce234b63c8
SHA1: ec0b83c515ffe998f508e63be9587637d5f2ba7d
SHA256: 562011f4373d048ed2b60deb22b126686aee96ceac8255196d599b5f9f378416
SHA512: 6d1e249bc6a0a9a098a1c09fbc55fad2522ebdff2cbf201f066925cf1dbe60c74ae9582831166b902c2e0d18f5233ef4a3cbb78104c2d2ae86a1f654b7024900
SSDEEP: 98304:yQ9HY75YthUIccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1ST:nm5e6IraRRnz+R8zmPf1D7JT
Behavioral task
behavioral1
Sample: triggerbot.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: triggerbot.exe
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.