General
- Target: ByfronBypass.exe
- Size: 8.2MB
- Sample: 240603-h777kshb53
- MD5: e7aeebf0ef64508ddbf4abb6495875be
- SHA1: 66b8010109b697bda7fd7e4f88dbbe0d05bda727
- SHA256: f8368df1d256b451ce7bc5b8a3e3209d6731afbae00b9f26178bebf7ee323b56
- SHA512: 558e25a673bd9d31f5a1e302de3a93aeed4f86d8a39887246dfadada28a6953d0bd4788a799f82c19f9b75d1cbcd29c90db08ae8785d0ce152e4eca7e478cdc8
- SSDEEP: 196608:crgm7EzLuLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEcbk9qtlDfqWl:ozL+9qz88Ck+7q3p91JmcqfqWl
Behavioral task: behavioral1
- Sample: ByfronBypass.exe
- Resource: win7-20240215-en
Malware Config
Targets
- Target: ByfronBypass.exe (8.2MB; hashes identical to those listed under General)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.