General
-
Target
Scrillex Tool.exe
-
Size
8.0MB
-
Sample
240619-zsdg4awbkl
-
MD5
1f33f9dd3869f120850d3a9ec60e895d
-
SHA1
a3342ba3a83ad8ee6ef93fc414f0819379860ea2
-
SHA256
93b8d5e9a747a26271f8f6699727f5bf9f3b50fabe9032ec5c34d2bc33ed2db2
-
SHA512
e771f8585ce8e617a07122b5910080f8e061dba9cc719a3ec18c3b2f169a33040132c6f9fb6672709db54f7975b3160386be5066c07211fad23489fe4e04980f
-
SSDEEP
98304:28zHqdVfB2FS27w4X7yuT/9vUIdD9C+z3zO917vOTh+ezDNh7JvmJ1nmOBN9n4mM:2cQsZ7bT/9bvLz3S1bA3z4n97Y1
Behavioral task
behavioral1
Sample
Scrillex Tool.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Scrillex Tool.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-