General

Target: incognito.exe
Size: 6.9MB
Sample: 240530-zwjhhshg7v
MD5: 390b34f2fedb7ff82e75f98fdaefaf08
SHA1: dbbdf6d8e8592656d30b9520609dcca947fea9d5
SHA256: 6c737aa21ec1ff913f39c162c6b29a771051f7bbd4cb9fbc16a80c86d41949ec
SHA512: d0560e6785373296c3e8b4d3a96a2744e0ec4874aadeae61d83aad4ed6bd0e52d87aca41e736a223bab45e13791d4ef07bb5ef778f0069156fcc5d86ff75cc90
SSDEEP: 98304:krluDjWM8JEE1rGamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIl:krlu0/eNTfm/pf+xk4dWRGtrbWOjgWyS
Malware Config
Targets
Signatures:

- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.