General
- Target: LeviathanChecker1.exe
- Size: 8.3MB
- Sample: 240603-lwvznabh57
- MD5: 966f0f89ff2e06c641f20c8233e298ec
- SHA1: eea0253c0c22ffed4f00ff27dc80808a90a3cc28
- SHA256: bf189f1b11f451193c18d48a707acb57a94021c75ffd54ac4f1e6f44a72a2ad9
- SHA512: b65289ddcba268b4c9698f71e57e2b00e5105577307392149d05c3404e1bdd6330592a4ac38d90b1813b9b8f91f751c640459197f6946dbc2776e3278aad9b3b
- SSDEEP: 196608:erFiT0cD9z9HLjv+bhqNVoBKUh8mz4Iv9PzQKu1D7A4:+i9zVL+9qz8/b4ICKuRA4
Behavioral task
- behavioral1
  - Sample: LeviathanChecker1.exe
  - Resource: win7-20240419-en
Malware Config

Targets
- Target: LeviathanChecker1.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.