General
Target: og dh.rbxl.exe
Size: 23.4 MB
Sample: 240619-y5ckwszdrb
MD5: 35f1442aeb314d390693ec402f01a42a
SHA1: 0b35e1fdba1d8facdff0b58a8b5f457f6ba5303d
SHA256: 08a696f41fda1618c4f7f1e6c6312764e609663ab72663f0c4daed7feaa838b8
SHA512: 0b9efb51e343a6f89f78d968fa7bfebafbbe972bae3a9d7b028307fa8fad38c1fb4637d7a7d3028680b3a9423ce5b2ad7ff939b2deca2bfe79f9907d7f8fc349
SSDEEP: 393216:eEkQLQ8XActIPL01+l+uq+Vvj1+TtIiFe0VTxpNCkvRbM6ijrYm:eYQcqj01+l+uqgvj1QtIAJCoRQtrZ
Behavioral task: behavioral1
Sample: og dh.rbxl.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: og dh.rbxl.exe
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.