General
-
Target
VoidBeta.rar
-
Size
7.2MB
-
Sample
240531-elkmlsed8x
-
MD5
193062112d1d4ccdc16e635acf5542e5
-
SHA1
35072633d6400c4a3c493832d0f0669d61e9c35b
-
SHA256
5d0dfb6487cb5cd027644670048f255b465124c106ee43f94a7566b8b748535d
-
SHA512
8f869b7f4e6a8e1e45d0ee02b3a99f008b65fa12d573684afb903395eb464e06cd25906f24afa755fe957df29e25c64eae6376a8edc5982acfb2d54966afc8d2
-
SSDEEP
196608:nehnH99SKtBLYPsMtVHfQO7tOUtl8GvcpGGky8Pa:ehdptB1MXQOpdl7cpGGkTPa
Behavioral task
behavioral1
Sample
VoidBeta/VoidBeta.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
VoidBeta/VoidBeta.exe
-
Size
7.4MB
-
MD5
247217477ecaaa189d0d6e99530f9a5d
-
SHA1
a61aa6f5bf9ccb7fa02b02833120dea91b64b594
-
SHA256
838f8253ab0565b1af383cb26371138bfc4b7aae99d0dab056a28670c28829f7
-
SHA512
b59034734fab28f87feb9ddb01788bce7e78f42f3c7b5fa109ce438c291b838748455742dfe5048686f53fe5479a9fc6cd0142c6b0b0f3d139fd90127482911d
-
SSDEEP
196608:jrEeZurErvI9pWjgyvoaYrE41JIuIqoxkR:JZurEUWjdo/H1J9oGR
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-