General
- Target: EvilClickerV2.3.rar
- Size: 6.3MB
- Sample: 240603-jbz2rsga9w
- MD5: bcfd85efc0089831b8a486f485ec491d
- SHA1: 69901c7bcea1b720d638a2a94659b0015f2436cc
- SHA256: 719f171db28a450134885f2d94cd4ba99e2c7b02b805c7a3e086c1eb2c716131
- SHA512: 8ced7e61d6b40b633023f5563675ce8511a56f74de89590392e93282ff15f54757b0d6b45d59580d56c4800e2884581f9c2d2f19b17b46869b757bdb3ef4e4c1
- SSDEEP: 196608:sZdV/QuZSk/HqAb2LLUFXNIXLBq6QR2GbsWa:srVEk/Vb2LLIIXd02C5a
Behavioral task: behavioral1
- Sample: Evil Clicker/EvilClicker.exe
- Resource: win7-20231129-en
Malware Config
Targets
- Target: Evil Clicker/EvilClicker.exe
- Size: 6.5MB
- MD5: 8883035f1bcc3d1f2bdbe1f63939f169
- SHA1: 70e8a2e344c34b1c377f4f20a16d93b6c2f217c5
- SHA256: 1f320e63957226fc9f8100357bf6467b77c66e3e4827d44f9a4e66d60641522c
- SHA512: f6211564267f9f86b10325ab6a7a1938063c72ce05c7e21e6a981f33f9b6502a3a68ba04f674d03767da493be8f10aa7d6b912e7753b49b515cd70bd9dfde72d
- SSDEEP: 196608:ar+BmDZeXRHvUWvozWOxu9kXwvdbDlA03NhnDetB8wZhUi6:fGcXRHdKbAlbZA03bDMBjb6
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.