General
- Target: artmoney-v13.1.3 (1).exe
- Size: 6.3 MB
- Sample: 240620-13phsatdkq
- MD5: 7149016b02e5f652c1a1ce1a455f2298
- SHA1: 0b32fcfc404499b65461a3e78509095d2a8c7da3
- SHA256: 08d1ca9a16a259ea715919ef13d3dbfbdfd1b87bb4036bf7c3c6a58f560c7dc0
- SHA512: 64825a789fbd38c9fb1a792575136753fef49d1e6fded8fd0e913b56eb69ac43ac7a25a9a1a5a3cf74fe5613d41bbb556fa4eddabfe7c2aa66e3900ccb2b91ea
- SSDEEP: 98304:ugXd7y75YthUSNccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1prE:I5e6SNraRRnz+R8zmPm1D7J
Behavioral task behavioral1
- Sample: artmoney-v13.1.3 (1).exe
- Resource: win10-20240404-en
Behavioral task behavioral2
- Sample: artmoney-v13.1.3 (1).exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: artmoney-v13.1.3 (1).exe
- Size: 6.3 MB
- MD5: 7149016b02e5f652c1a1ce1a455f2298
- SHA1: 0b32fcfc404499b65461a3e78509095d2a8c7da3
- SHA256: 08d1ca9a16a259ea715919ef13d3dbfbdfd1b87bb4036bf7c3c6a58f560c7dc0
- SHA512: 64825a789fbd38c9fb1a792575136753fef49d1e6fded8fd0e913b56eb69ac43ac7a25a9a1a5a3cf74fe5613d41bbb556fa4eddabfe7c2aa66e3900ccb2b91ea
- SSDEEP: 98304:ugXd7y75YthUSNccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1prE:I5e6SNraRRnz+R8zmPm1D7J
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects a file packed with the ACProtect software protector.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
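The two signatures an analyst would most want to hunt for on other hosts are the PowerShell one (Defender exclusions added for extensions, paths and processes) and the hidden-files one. The Python below is an added example, not part of the sandbox report and not code from the sample: it runs two detection rules over process-creation command lines (Sysmon Event ID 1 / Windows 4688 style records, reduced to assumed `pid` and `cmdline` fields), and it decodes `-EncodedCommand` payloads first so that an encoded `Add-MpPreference` is not missed. All sample events are constructed for the example.

```python
"""Hunt for Defender-exclusion tampering and file hiding in process command lines."""
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match "-e<letters>" and check that it is a prefix of the full parameter name.
ENC_PARAM = re.compile(r"(?i)(?:^|\s)-(e[a-z]*)\s+([A-Za-z0-9+/=]+)")

# One PowerShell argument value: double-quoted, single-quoted, or a bare token.
VALUE = r"""(?:"[^"]*"|'[^']*'|[^\s,]+)"""
VALUE_RE = re.compile(VALUE)
EXCL_PARAM = re.compile(
    r"(?i)-Exclusion(?P<kind>Path|Extension|Process|IpAddress)\s+"
    r"(?P<vals>" + VALUE + r"(?:\s*,\s*" + VALUE + r")*)")
KINDS = {"path": "Path", "extension": "Extension", "process": "Process", "ipaddress": "IpAddress"}
MP_CMDLET = re.compile(r"(?i)\b(add|set)-MpPreference\b")
ATTRIB_HIDE = re.compile(r"(?i)\battrib(?:\.exe)?\b[^&|]*\+h")


def encode_command(script: str) -> str:
    """Encode a script the way -EncodedCommand expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script if cmdline carries an -EncodedCommand payload, else None."""
    for m in ENC_PARAM.finditer(cmdline):
        param, blob = m.group(1).lower(), m.group(2)
        if not "encodedcommand".startswith(param):
            continue  # e.g. -ep / -ExecutionPolicy, not an encoded command
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            return None
    return None


def find_defender_exclusions(cmdline: str):
    """List (cmdlet, kind, value) for every exclusion that Add-/Set-MpPreference adds."""
    script = decode_encoded_command(cmdline) or cmdline
    hits = []
    for m in MP_CMDLET.finditer(script):
        cmdlet = m.group(1).capitalize() + "-MpPreference"
        # Only read this statement's parameters: stop at the next ';' or pipe.
        tail = re.split(r"[;|]", script[m.end():], maxsplit=1)[0]
        for p in EXCL_PARAM.finditer(tail):
            kind = KINDS[p.group("kind").lower()]
            for v in VALUE_RE.findall(p.group("vals")):
                hits.append((cmdlet, kind, v.strip("\"'")))
    return hits


def hides_files(cmdline: str) -> bool:
    """True if the command sets the hidden attribute with attrib +h."""
    return bool(ATTRIB_HIDE.search(cmdline))


def scan(events):
    """Run both rules over process-creation records and return the alerts."""
    alerts = []
    for ev in events:
        excl = find_defender_exclusions(ev["cmdline"])
        if excl:
            alerts.append({"pid": ev["pid"], "rule": "defender_exclusion_added", "detail": excl})
        if hides_files(ev["cmdline"]):
            alerts.append({"pid": ev["pid"], "rule": "hidden_attribute_set", "detail": ev["cmdline"]})
    return alerts


# Constructed process-creation records (pid + command line), not telemetry from the report.
SAMPLE_EVENTS = [
    {"pid": 4120, "cmdline": r'''powershell.exe -NoP -W Hidden -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\svc', 'C:\Users\Public' -ExclusionExtension exe -ExclusionProcess svc.exe"'''},
    {"pid": 4188, "cmdline": "powershell.exe -ep Bypass -enc "
     + encode_command("Set-MpPreference -ExclusionExtension 'dll'; Start-Sleep 1")},
    {"pid": 4220, "cmdline": r'cmd.exe /c attrib +h +s "C:\ProgramData\svc"'},
    {"pid": 4300, "cmdline": 'powershell.exe -Command "Get-MpPreference | Select-Object ExclusionPath"'},  # read-only, benign
    {"pid": 4310, "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Exclusions added this way stay in the Defender configuration after the process exits, so on a host that ran the sample they can be checked directly with `Get-MpPreference` (the ExclusionPath, ExclusionExtension and ExclusionProcess properties), and the change is also recorded as Defender event ID 5007 (configuration changed) in the Microsoft-Windows-Windows Defender/Operational log. The parser above matches only full parameter names; PowerShell also accepts unambiguous abbreviations such as `-ExclusionPa`, which a production rule should cover.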