General
-
Target
images.jpg
-
Size
9KB
-
Sample
240602-2rhfrsba59
-
MD5
f8a024d5e1c5dacbe6bc873d8b4b54c6
-
SHA1
49c24a92bbf9c42e2da4132d98ecd0c0924e6cad
-
SHA256
aa800b68eddd0ed0ea16f6bf0a38bd8693a4b75e337d9c73a156ff91654057a1
-
SHA512
5766d4832793dec2a0bea29faf02ae758db0f24f086e07252b6101224a9c1a45ca0bbbe1465fac20bfd000b36bc5738d582cea48386c8c477562c529ef493740
-
SSDEEP
192:Dn+EFOHLJb051WEsH/3zq/ql56US6BeL7ytAVUaJXB3Ke5:j+EENgGf3+/4s6BeL7ytAVUaJXB6e5
Static task
static1
Behavioral task
behavioral1
Sample
images.jpg
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
images.jpg
-
Size
9KB
-
MD5
f8a024d5e1c5dacbe6bc873d8b4b54c6
-
SHA1
49c24a92bbf9c42e2da4132d98ecd0c0924e6cad
-
SHA256
aa800b68eddd0ed0ea16f6bf0a38bd8693a4b75e337d9c73a156ff91654057a1
-
SHA512
5766d4832793dec2a0bea29faf02ae758db0f24f086e07252b6101224a9c1a45ca0bbbe1465fac20bfd000b36bc5738d582cea48386c8c477562c529ef493740
-
SSDEEP
192:Dn+EFOHLJb051WEsH/3zq/ql56US6BeL7ytAVUaJXB3Ke5:j+EENgGf3+/4s6BeL7ytAVUaJXB6e5
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-