General
- Target: loader.exe
- Size: 6.3MB
- Sample: 240604-11xrdada9z
- MD5: cd64ae92771aae3022ed1186be571d9e
- SHA1: 0e0357d32f4a3d564600e56748111547976cb2b9
- SHA256: 8a38bb293557b9ee3ba0c376d076acc70f70653277af8b3e526b248fc2977c58
- SHA512: 916ca758955e6b58d6a201af025e45a026445c66c4e171533687a1961d3e57397eaff08496f9719d0b63c4cd2b05fe4018aa0630a1665c91561beff2b643616c
- SSDEEP: 98304:VQ9Wp75YthUQccRacg/BGfO1q4HNK0zbup/xzcq8zAFPjv9JT1sOBN3o1Sh:d55e6QraRRnz+R8zmPf1D7Jh
Behavioral task
- behavioral1
- Sample: loader.exe
- Resource: win7-20231129-en

Malware Config

Targets
- Target: loader.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects a file packed with ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.