General
- Target: CypherExecutor.exe
- Size: 8.2MB
- Sample: 240603-jafxhaga6v
- MD5: eedf8816578dd8f29f275ba872dc778a
- SHA1: 28533ef5cb7267cb79dafe274b04a78578b74bb3
- SHA256: 1cd1eaa9c7cb3d1946ef75414098f3c10183e3c4b2f1dce6eafc768b3b104b39
- SHA512: 50baa6c1e28ff2fe96053a154758b858622a7eac0619c74193338d2d3a571785ce2f38bd43f585223d992c937d4bdb60965ccb522d77cfd2b05d094178bac856
- SSDEEP: 196608:nrHdwurErvI9pWjgyvoaYrE41JIVSESIqoxkg:iurEUWjdo/H1JHFoGg
Behavioral task
- behavioral1
- Sample: CypherExecutor.exe
- Resource: win7-20240508-en
Malware Config
Targets
- Target: CypherExecutor.exe (size and hashes identical to the General section above)
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.