General
Target: illusion.exe
Size: 6.0MB
Sample: 240619-xnmh4a1hlr
MD5: e669a2a46604b3895a65d6157df9e5c2
SHA1: 3649dbfa6c13ed55e46a1745fd240c8cb4a02b47
SHA256: b66aebf05dec6479cd9f281415ea0187cdb9f751d5a5f2fb689687dc504aded3
SHA512: 65ef22937edfe222c92d73f588a47888e89ec5e18285b94571580ab7e101e1c9e8087ffeb364bc58bc1962562b8b51f3580ce2567d21297ae5f39e58364589f9
SSDEEP: 98304:errWEtdFBy/namaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RtBMlfg3HCTC:errVFMSeN/FJMIDJf0gsAGK4RtulTTC
Behavioral task: behavioral1
Sample: illusion.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: illusion.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: illusion.exe
- Command and Scripting Interpreter: PowerShell (MITRE ATT&CK T1059.001)
  Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes so that the dropped components are not scanned.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Reads files associated with cryptocurrency wallets, behaviour consistent with wallet or credential theft.
- Legitimate hosting services abused for malware hosting/C2
  Contacts a legitimate hosting service, which is used for payload hosting or command and control rather than the attacker's own infrastructure.
- Looks up external IP address via web service
  Queries a legitimate public IP-lookup web service to learn the infected host's external IP address.
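As an added example, not part of the Triage report or of the sample itself, the following Python shows how a responder might hunt for two of the behaviours listed above in their own telemetry: PowerShell adding Windows Defender exclusions (including the case where the command is hidden behind -EncodedCommand, which is base64 of UTF-16LE text), and DNS queries to public external-IP lookup services. The script-block lines, the DNS records, the encoded command and the list of IP-lookup hosts are all constructed for this example; the report does not name the service or the exact command the sample used.

```python
import base64
import re

# Constructed sample input (not taken from the Triage report).
# One command line hides the cmdlet behind -EncodedCommand, the usual
# obfuscation for PowerShell one-liners, so the sample includes that form too.
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionProcess "illusion.exe"'.encode("utf-16-le")
).decode("ascii")

SAMPLE_SCRIPTBLOCKS = [
    'powershell -Command "Add-MpPreference -ExclusionPath \'C:\\Users\\Public\'"',
    'Add-MpPreference -ExclusionExtension ".exe",".dll" -ExclusionProcess "illusion.exe"',
    "powershell -nop -w hidden -EncodedCommand " + _ENCODED,
    "Get-MpPreference | Select-Object ExclusionPath",      # read-only query, benign
    "Set-MpPreference -DisableRealtimeMonitoring $true",   # tampering, but not an exclusion
]

SAMPLE_DNS = [
    "2024-06-19T12:00:01Z client=10.0.0.5 query=api.ipify.org type=A",
    "2024-06-19T12:00:02Z client=10.0.0.5 query=cdn.discordapp.com type=A",
    "2024-06-19T12:00:03Z client=10.0.0.5 query=www.microsoft.com type=A",
]

# Cmdlets that write Defender preferences, and the three exclusion parameters
# corresponding to the extension/path/process exclusions named in the report.
EXCLUSION_PARAM_RE = re.compile(r"-Exclusion(?:Path|Extension|Process)\b", re.IGNORECASE)
EXCLUSION_CMD_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b[^\n;|]*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE,
)
ENCODED_CMD_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Public "what is my IP" services; an illustrative list, not from the report.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com"}
DNS_QUERY_RE = re.compile(r"\bquery=(?P<host>[A-Za-z0-9.-]+)")


def expand_encoded_command(line):
    """Append the decoded -EncodedCommand payload, if any, so the regexes can see it."""
    m = ENCODED_CMD_RE.search(line)
    if not m:
        return line
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return line  # not valid base64 / UTF-16LE: leave the line as it was
    return f"{line} {decoded}"


def find_defender_exclusions(lines):
    """Return (original_line, sorted exclusion params) for every line that adds a Defender exclusion."""
    hits = []
    for line in lines:
        expanded = expand_encoded_command(line)
        if EXCLUSION_CMD_RE.search(expanded):
            params = sorted({p.lower() for p in EXCLUSION_PARAM_RE.findall(expanded)})
            hits.append((line, params))
    return hits


def find_ip_lookups(lines):
    """Return (line, host) for every DNS record that resolves a known external-IP lookup service."""
    hits = []
    for line in lines:
        m = DNS_QUERY_RE.search(line)
        if m and m.group("host").lower() in IP_LOOKUP_HOSTS:
            hits.append((line, m.group("host").lower()))
    return hits


if __name__ == "__main__":
    for line, params in find_defender_exclusions(SAMPLE_SCRIPTBLOCKS):
        print("DEFENDER EXCLUSION", params, "<-", line[:70])
    for line, host in find_ip_lookups(SAMPLE_DNS):
        print("EXTERNAL IP LOOKUP", host, "<-", line)
```

The exclusion rule deliberately ignores Get-MpPreference and a Set-MpPreference call that only disables real-time monitoring, so that it reports exactly the behaviour in the report (exclusions being added); a separate rule would cover other Defender tampering. On a real host the same check can be cross-referenced against the current state with Get-MpPreference, which lists ExclusionPath, ExclusionExtension and ExclusionProcess.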