General
- Target: 8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f
- Size: 7.0MB
- Sample: 240531-rqj8vsbg74
- MD5: 1de88b87af853d8c0bbdba884f2d0f4b
- SHA1: 28861b7f59ca69e94e8db88899b9928fcbd4307f
- SHA256: 8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f
- SHA512: cdb0caafa53ae93dda3b17d3985e08f6e49c0ba0011f7acc68383658868ff42c5deb0ccdc157ca35c3d71f2d3dfb0fc10fb0b085904167b1e965dfea8e544a04
- SSDEEP: 196608:nrN40zXeNTfm/pf+xk4dWRGtrbWOjgWy9:Lky/pWu4kRGtrbvMWy9
Behavioral task
- behavioral1
- Sample: 8e56baf2b6e7a8f16d0f023d4d220fa86349a6b281e50d0b3bd1f2e5b7d87a4f.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.