General
Target: impact_spoofer.exe
Size: 6.0MB
Sample: 240531-bzszcsbd37
MD5: 51404c7e914f379cf9422e723dcf8394
SHA1: 45f42f018d0b63cf6a759164e047e3688a6bcdf3
SHA256: 8c64138979cd1fa9f3e8b85750f4d664a58749486d6d40ef5f67a48d3deed612
SHA512: 7aa21406843915b4c4ca77d228a0ad625fc8a33b7793a9894aeb63511188f014f817357a1b011b7908140a34ed96d8fcb4902f6ada84dac36d9c4de3a2000a4b
SSDEEP: 98304:HraPEtdFBg3zamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4ROBMDm238I2:Hra+FHeN/FJMIDJf0gsAGK4ROuDh2
Behavioral task: behavioral1
Sample: impact_spoofer.exe
Resource: win7-20240419-en

Malware Config
Targets
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.