General
Target: GroupFinder.exe
Size: 6.9MB
Sample: 240603-ltvacabg69
MD5: 8088f1f7250665df91890e3ae4b8aa9f
SHA1: 8dbd5051863d05e37df678781db7a0b498f5a1c7
SHA256: 147cf76a419399942f4cb96ff91cdcc523f919a66e55d2b72d99d3964a147010
SHA512: 63e3d20f252228045cf4287ba34360f3fafe2e28ff2297d0427f957e9d5f240915e5f4cff609d4c140521a6ead65116a667bb08dfb9d86edd0c3f53fd8af6acb
SSDEEP: 98304:yrSQDjWM8JEE1rdtamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEX:yrSQ0ieNTfm/pf+xk4dWRGtrbWOjgWyt
Behavioral task: behavioral1
Sample: GroupFinder.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: GroupFinder.exe
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.