General
- Target: Built.exe
- Size: 17.0MB
- Sample: 240530-zzapsabb48
- MD5: e298f85d08856f8cff01346df98331d9
- SHA1: b3e6194d27e46102b0d2e338a39c08e385b59830
- SHA256: 98367134abaa4e5c12d7f768e3127d90c754bfe31081dc6e26d8fb60d7f117a5
- SHA512: fb7bdae3b6d301cdee5eb7752f39b6dad1f1bb0e67f67b2e62a639082844d2cbac14900f3881953f7f851303e19a077f295e9832bbf33225910b9239c5ecd3ac
- SSDEEP: 196608:YraZ0dAeNTfm/pf+xk4dWRGtrbWOjgWyV:my/pWu4kRGtrbvMWyV
Malware Config
Targets
- Target: Built.exe (17.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to those listed under General)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.