General
-
Target
Paypal Checker - V7 05.31.24.rar
-
Size
15.9MB
-
Sample
240603-adw88aca71
-
MD5
5567395df6e82a74362ac2eeb3ed8b22
-
SHA1
5dbd271178385588d0c38e72dfb54e394b8625f8
-
SHA256
03d5e4bbe2c41d51f43df399a69a7a85f1e7829fb091e75edec7a5c3357d020f
-
SHA512
1578d572c6ca524587431f609479d2c60d37d484b61d90c03e431024e275da9157bf0e2f1e8655b3e5d67beb56a14e23a0c022cbb8590bd02aa2dda438d0d429
-
SSDEEP
393216:z+3OtYMu3nlPm7nADyn92npeBc9ZGkqsQZ47SYg:z+3OtYRxUnAEgmcjqbZVYg
Behavioral tasks
Task | Sample | Resource
behavioral1 | Paypal Checker - V7 05.31.24.rar | win7-20240221-en
behavioral2 | Paypal Checker - V7 05.31.24.rar | win10v2004-20240426-en
behavioral3 | V7 Paypal Checker 05.20.24/Newtonsoft.Json.dll | win7-20240221-en
behavioral4 | V7 Paypal Checker 05.20.24/Newtonsoft.Json.dll | win10v2004-20240508-en
behavioral5 | V7 Paypal Checker 05.20.24/V7 Paypal Checker.exe | win7-20240215-en
behavioral6 | V7 Paypal Checker 05.20.24/V7 Paypal Checker.exe | win10v2004-20240508-en
behavioral7 | creal.pyc | win7-20240508-en
behavioral8 | creal.pyc | win10v2004-20240226-en
behavioral9 | V7 Paypal Checker 05.20.24/V7 Rotation Proxies 05.23.24.txt | win7-20240221-en
behavioral10 | V7 Paypal Checker 05.20.24/V7 Rotation Proxies 05.23.24.txt | win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Paypal Checker - V7 05.31.24.rar
Score 7/10
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
V7 Paypal Checker 05.20.24/Newtonsoft.Json.dll
-
Size
695KB
-
MD5
715a1fbee4665e99e859eda667fe8034
-
SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6
-
SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e
-
SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad
-
SSDEEP
12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
Score 1/10
-
-
Target
V7 Paypal Checker 05.20.24/V7 Paypal Checker.exe
-
Size
16.0MB
-
MD5
77ad5b84e21dc1155820654b9e084362
-
SHA1
e2c6871938a3904e1d315b055eabf2266a3f0717
-
SHA256
6dc03a735e97cd90e7a40db2f8017d10fad1415da1323241f66bcc1047e80480
-
SHA512
5d461dd421a85ea71e7689cd0a83a0a7964ea6d0d930494211fc166c270714f42f3824addf0db3a17624eebc96b8cf1b6567ffc456e3b3dda949e816baf0f39d
-
SSDEEP
393216:cEk/+4u0P8AxYD3W+eGQRe9jo7BGcGlYn6bB2:c3+RnXTW+e5Re9MS2
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
creal.pyc
-
Size
64KB
-
MD5
b47b0a51ed2c99078312c793a5f0293a
-
SHA1
e028bb62361641629245b3934b640028973af282
-
SHA256
6cabf20b88035e07d207477a426b410b7352a52f80e41f1f014333db5bbe325e
-
SHA512
ec9eb82fb26541e0ae44325e6d7e3e34291d22efa7378d13c97af996b7bf6c9c1dd398c00c577f70ee47d1d9dd0d26c0f0929e6c90052f64a970a735dd4c04b3
-
SSDEEP
1536:7Trie+0Ql9pObo8BHWftXASFW08VgeOR2es:7TsYbo8B2VXASNMgeORk
Score 3/10
-
-
Target
V7 Paypal Checker 05.20.24/V7 Rotation Proxies 05.23.24.txt
-
Size
41KB
-
MD5
78752e8ec73d4fe2e8e11a8a83259ae1
-
SHA1
a6677bdb04d918596768c10ebe86307074668b95
-
SHA256
532b41f2eb04e9b2311226d455c11c7d82e64807f000bf4bf4e8c5751a2385fc
-
SHA512
3adf65e645782ccbe567581f1e70a82f35715cb30800186eb3754ce6fc9df44c386216e3236f01aa8ad8ede5effc85b4544e21f18bd42c6618df4234fcddaf88
-
SSDEEP
768:ajUL5fXjYUe2nZB5UDzTScWz/WUNZD9A+IXe:P1fXjYxOXz/t5WXe
Score 1/10