General
Target: cosmic_tag_testing.exe
Size: 16.2MB
Sample: 240619-sngkmasenb
MD5: c13e972797382d3e4d9c232abf79273d
SHA1: a9dd3d75356024caebf756f2b5c23ae74fde356c
SHA256: fb945a466e3abf02d02b52457dfcf99889d57157903537af2d53ed7596135b74
SHA512: cc7a086431304dc8bda33ff61d9cbdd77eb0691110726cbfe42216817708215081db11cc5ae582cc693b5d0f35d252dcf8b55e2fa52d6cfe8721c8df46865011
SSDEEP: 393216:FEkcqY4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lnbE0PKksbuK+:FkD4bX71QtI6a8DZcIlbskBK+
Malware Config
Targets
Target: cosmic_tag_testing.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.