General
Target: Vanguard.exe
Size: 53.6MB
Sample: 240611-wk2m6swckj
MD5: 3286da65a9513a996c6b5449dbcf1d5a
SHA1: 2b04696f6537a53ccb58985efc735d50f4ca8cdb
SHA256: 04f590e3dec6b6ea50a1377916c591e2950e8e2e88e4c6c4902a3e7eb985cebe
SHA512: 73732b7ce132e1b006dc4a73edc1740e41d0ed30ffbd6e1ecc1ee6e00040bf905b12352fadbb87cdb3bbe491f5324b4c66ad3568449926d0d72bfebb481960d9
SSDEEP: 786432:g19ShzF3yajlAhRn+uKPrONjl0pHlo0FdGghdb8zcY87oJESWqESpxplBkMK+u:mShcMAhRnOPrONJ0Vl4EdoE7FqoMa
Static task: static1
Malware Config
Targets
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.