General
Target: SherlockBeta.rar
Size: 8.5MB
Sample: 240531-ze6lqadd55
MD5: 56577878743daafda662e806c8a0b501
SHA1: 596859a2837faac384ac3d65d03b9fe3ea8e673c
SHA256: 3722af4d4b4227498433a69999f801616be9c7fa8cb461ed8520c9e619f5feab
SHA512: 859ca64b8bf02761a15cf27205c6b30aa2e762066046199c72b4ef832a5c354d21106b04afaecc28f77b6183351f033de29ab7d78fcdab5bf88e42620a190007
SSDEEP: 196608:CzXtWbDCdyAJwqCN2EJR3v9kqyLhOkQtT5JagngMxq:SXEbDCdhBoLbCAJNgMQ
Behavioral tasks

behavioral1
Sample: SherlockBeta/SherlockBootstrapper.exe
Resource: win10v2004-20240508-en

behavioral2
Sample: F"ivb��.pyc
Resource: win10v2004-20240508-en

behavioral3
Sample: SherlockBeta/SherlockV1.exe
Resource: win10v2004-20240226-en

behavioral4
Sample: SherlockBeta/Siticone.UI.dll
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: SherlockBeta/SherlockBootstrapper.exe
Size: 18.0MB
MD5: 3d1deb317e8597990bab704400717066
SHA1: ba10661fe8af712312a847bed7709d74b78c5809
SHA256: 325473616dd8490112f047143d777128444b93fdd698f7009b2d256a89b334e6
SHA512: 369d146a921128e0d4bec32f4e51c464458174e34c9c7d88e5c42575ed9c291d2369a397c91859efeaa299ed9c3de8ebacd40bcf80ca287645dca7740d4ff5ec
SSDEEP: 196608:9rdRhI5TurErvI9pWjgaAnajMsbSEo23fQC//OoLxhN:7STurEUWjJjIfoo4jLxhN
Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: F"ivb��.pyc
Size: 1KB
MD5: 5fc9cebb5d468830a8d7dfade82346e0
SHA1: 57ca326d0f8c81ac11eb43bff7a46bf84a06c5a3
SHA256: 584098a58c99bc99e338aa423e226ac36c590c7a475678ee8e6ba2dd05135c3e
SHA512: 30d23d78df54403dcd3f0956199e1408d313027490f0b8d2774de2e9e55c6069401cb771da83658e253da460229d701535fb57f557af4636bb1c265683144603
Score: 1/10

Target: SherlockBeta/SherlockV1.exe
Size: 1.7MB
MD5: c3d109ce0a46245ba7d1c849199948b9
SHA1: a823a2c813228a92d1afabba8b6d4019f26a2f69
SHA256: 3e3888288da5b945bc5b01e4d92e0f4e7bf3701b55e9d1093cb139f54c946722
SHA512: fddeb5983c9858c31b67ce93b7202d18e84ca91d165b040a00c7594d74f049d83d503f27cbccc735637768ba0828961c0e700631519c1dfebb6589b67c1c44cb
SSDEEP: 6144:Eko8cjSDX/ow3ASp611u+V6oLvko8cjSDX/ow3ASp611u+V6oLvko8cjSDX/ow3N:cvv2
Score: 1/10

Target: SherlockBeta/Siticone.UI.dll
Size: 1.3MB
MD5: 750c58af2e56b6addecffcf152520ab8
SHA1: 14995e7f1d12498606d9d209d78d55fe6fd87802
SHA256: 27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
SHA512: 2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
SSDEEP: 24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score: 1/10