General
- Target: stealer.exe
- Size: 8.2MB
- Sample: 240531-aa8svagb82
- MD5: b88ddf31b4c73b43f1a6c53dcbeb199b
- SHA1: 8b934d1960fff2b4f938d9f0d66280636f230076
- SHA256: 41105ecc06e070691c40aa3b8ea0ce8796cc26dd0918f25b1f77dabcc0cb8822
- SHA512: 8f9211d65a528d912ad2e5fc3d8e0438592c645549ae6aaf2fe8bbbe5b0673c207a679dfc9f4a0cecb9eb7b79daad6a399db223741201df209736bf4e044ccc8
- SSDEEP: 196608:+r5/3EzpCvDJLjv+bhqNVoB8Ck5c7GpNlpq41J2mrlvbk9qtlDfqWj:U4iL+9qz88Ck+7q3p91JNMqfqWj
Behavioral task: behavioral1
- Sample: stealer.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: stealer.exe
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.