General
-
Target
FireSafe2.exe
-
Size
8.2MB
-
Sample
240603-jcfphsgb2w
-
MD5
b313bf2117a3f913868841a695a20e32
-
SHA1
445f9a39f48d95dd3c57821cadc6cbfca6cd0165
-
SHA256
3ecf3dc9b79725ed6966d2f79f2e8feef96aa0c5ec1c2ad6dcfcd4d53d872a12
-
SHA512
dd121426df097429e02355bc5774e1f421414afb2d56b9d9fd1769e347faf4bf7a38d2d4d43f7e632421b70fdd5276f3eb5a3bd56a924e6ae4c94fcbd94785d1
-
SSDEEP
196608:Nr3vA9VEcurErvI9pWjgfPvzm6gs/SEjEB4AuF:F47urEUWjC3zDAa84AuF
Behavioral task
behavioral1
Sample
FireSafe2.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
FireSafe2.exe
-
Size
8.2MB
-
MD5
b313bf2117a3f913868841a695a20e32
-
SHA1
445f9a39f48d95dd3c57821cadc6cbfca6cd0165
-
SHA256
3ecf3dc9b79725ed6966d2f79f2e8feef96aa0c5ec1c2ad6dcfcd4d53d872a12
-
SHA512
dd121426df097429e02355bc5774e1f421414afb2d56b9d9fd1769e347faf4bf7a38d2d4d43f7e632421b70fdd5276f3eb5a3bd56a924e6ae4c94fcbd94785d1
-
SSDEEP
196608:Nr3vA9VEcurErvI9pWjgfPvzm6gs/SEjEB4AuF:F47urEUWjC3zDAa84AuF
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-