General
Target: ab28768c0f4d1c8d01495d05d1a2a7b1a8c6d13ce6fc2f47cc3bc52a2c20cda5
Size: 6.9MB
Sample: 240531-sl6fzach49
MD5: 70a15c668cfd87165bd44d4458462544
SHA1: a49e7f130d702ed255fb5f422e237e90eeef533f
SHA256: ab28768c0f4d1c8d01495d05d1a2a7b1a8c6d13ce6fc2f47cc3bc52a2c20cda5
SHA512: 99c17ee92e5e5fa9ddf58ade51e24b47f346634c6b6f449d38967a8d6b8340decd98cd4c274b08c310476f1a13153e8c490d78e9f8987aebfa42f1c312c974a0
SSDEEP: 98304:GrNWDjWM8JEE1rdMamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEB:GrNW0DeNTfm/pf+xk4dWRGtrbWOjgWyz

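Before pivoting on these indicators, confirm that the file in hand is the one the report describes. The following is an added example, not part of the report or of the sandbox's own tooling: it streams a file once through the four digests listed above and reports which of them match, comparing case-insensitively so hashes pasted in upper case still work. SSDEEP is left out because the Python standard library has no implementation of it. The function names are mine, and the byte string used when exercising it below is constructed, not the sample.

```python
import hashlib
import io

# Digests copied from the report above (MD5, SHA1, SHA256, SHA512).
REPORT_HASHES = {
    "md5": "70a15c668cfd87165bd44d4458462544",
    "sha1": "a49e7f130d702ed255fb5f422e237e90eeef533f",
    "sha256": "ab28768c0f4d1c8d01495d05d1a2a7b1a8c6d13ce6fc2f47cc3bc52a2c20cda5",
    "sha512": "99c17ee92e5e5fa9ddf58ade51e24b47f346634c6b6f449d38967a8d6b8340decd98cd4c274b08c310476f1a13153e8c490d78e9f8987aebfa42f1c312c974a0",
}


def digest_stream(stream, algorithms=tuple(REPORT_HASHES), chunk_size=1 << 20):
    """Read the stream once and feed every requested hash the same chunks.

    MD5 and SHA1 are used here only to match published indicators, not for
    integrity, hence usedforsecurity=False (keeps FIPS-mode builds happy).
    """
    hashers = {name: hashlib.new(name, usedforsecurity=False) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_stream(stream, expected=REPORT_HASHES):
    """Return {algorithm: True/False} for each expected digest, case-insensitively."""
    actual = digest_stream(stream, algorithms=tuple(expected))
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def digest_bytes(data, algorithms=tuple(REPORT_HASHES)):
    """Convenience wrapper for in-memory data (e.g. a sample pulled from an API)."""
    return digest_stream(io.BytesIO(data), algorithms)


def verify_bytes(data, expected=REPORT_HASHES):
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_HASHES):
    """Check an on-disk sample against the report's digests."""
    with open(path, "rb") as f:
        return verify_stream(f, expected)


if __name__ == "__main__":
    # Constructed input for demonstration; a real run would call verify_file(path).
    for name, ok in verify_bytes(b"abc").items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

A partial `expected` dictionary (for instance only `{"sha256": ...}`) is accepted, so the same helper works for feeds that publish a single hash type.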
Behavioral task
behavioral1
Sample: ab28768c0f4d1c8d01495d05d1a2a7b1a8c6d13ce6fc2f47cc3bc52a2c20cda5.exe
Resource: win7-20240508-en

Targets
Target: ab28768c0f4d1c8d01495d05d1a2a7b1a8c6d13ce6fc2f47cc3bc52a2c20cda5
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
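Three of the signatures above map directly onto endpoint telemetry: PowerShell adding Defender exclusions (including when the script arrives base64-encoded through -EncodedCommand), a file written under the Drivers directory, and a query to a public "what is my IP" service. The following is an added example, not code from the report or the sandbox vendor, showing how those checks look as detection rules run over process, file and DNS events. The event records are constructed for the example; the IP-lookup host list is an assumption, since the report does not name the service this sample used; the rule names and the file name example.sys are hypothetical.

```python
import base64
import re
from typing import Optional

# Public IP-lookup services. Assumption: the report does not say which service
# the sample queried, so this is a generic starting list, not an indicator
# taken from the report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ip-api.com",
}

# Add-MpPreference / Set-MpPreference exclusions: -ExclusionPath,
# -ExclusionExtension, -ExclusionProcess. PowerShell accepts any unambiguous
# prefix of a parameter name (e.g. "-ExclusionPa"), so match the stem only.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Pa|E|Pr)\w*",
    re.IGNORECASE | re.DOTALL,
)
# powershell.exe -EncodedCommand and its usual abbreviations (-e, -ec, -en, -enc)
# followed by the base64 payload. "-ep" (ExecutionPolicy) does not match.
ENCODED_COMMAND = re.compile(
    r"-e(?:ncodedcommand|nc|n|c)?\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE
)
DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of a -EncodedCommand payload, or None if absent/undecodable."""
    m = ENCODED_COMMAND.search(cmdline)
    if not m:
        return None
    try:
        # PowerShell base64-encodes the script as UTF-16LE.
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Run the three rules over event dicts; return a list of (rule, detail) hits."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "process":
            cmd = ev["cmdline"]
            decoded = decode_encoded_command(cmd)
            # Inspect the raw command line and, if present, the decoded script.
            for text in (cmd, decoded or ""):
                m = DEFENDER_EXCLUSION.search(text)
                if m:
                    hits.append(("defender_exclusion_via_powershell", m.group(0)))
                    break
        elif kind == "file_write" and DRIVERS_DIR.search(ev["path"]):
            hits.append(("file_dropped_in_drivers_dir", ev["path"]))
        elif kind == "dns" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits.append(("external_ip_lookup", ev["host"]))
    return hits


def sample_events():
    """Constructed telemetry for this example; these are not events from the report."""
    script = "Add-MpPreference -ExclusionProcess 'svchost.exe' -ExclusionPath 'C:\\ProgramData\\upd'"
    b64 = base64.b64encode(script.encode("utf-16-le")).decode()
    return [
        {"type": "process", "image": "powershell.exe",
         "cmdline": 'powershell.exe -nop -w hidden -c "Add-MpPreference -ExclusionExtension .exe"'},
        {"type": "process", "image": "powershell.exe",
         "cmdline": f"powershell.exe -ep bypass -enc {b64}"},
        {"type": "process", "image": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
        {"type": "file_write", "path": "C:\\Windows\\System32\\drivers\\example.sys"},
        {"type": "dns", "host": "api.ipify.org"},
        {"type": "dns", "host": "example.com"},
    ]


if __name__ == "__main__":
    for rule, detail in triage(sample_events()):
        print(f"{rule}: {detail}")
```

The encoded-command path matters in practice: a rule that only inspects the visible command line misses the second event entirely, because "MpPreference" never appears until the base64 is decoded. Treat the IP-lookup rule as a weak signal on its own; it becomes interesting in combination with the other two.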