General
-
Target
Cozy World Setup.exe
-
Size
48.1MB
-
Sample
240618-a2tg8svbkq
-
MD5
416ed566ab4740bcd2bcc44e369a6672
-
SHA1
efd6b78ac07cd1d47b626f228524918aa707f1a9
-
SHA256
4cd4f861a3294923fc97f741927c8b67543ac54cfde6692c9e151920b1f61a19
-
SHA512
315ad6047936fca672fba345174ff4921b92e7b47caea946c495e4532460339025f0b4d15a384cedcf0cc323874ff6685037e0b01481f94f55cfaa330420a668
-
SSDEEP
786432:EHTkzt3QiZQr4wuTktm4L8KJ/aTHl9I3gMvsQd+d9KFzwBrM+uS1A/DI1TA4ROzL:EHwggTksbmaTHli/sQ/zAMhSW/kNSzI6
Static task
static1
Malware Config
Extracted
stealc
cozy13
http://45.132.105.157
-
url_path
/eb155c7506e03ca9.php
Targets
-
-
Target
Cozy World Setup.exe
-
Detects HijackLoader (aka IDAT Loader)
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Downloads MZ/PE file
-
Suspicious use of SetThreadContext
-