General
-
Target
External.1.rar
-
Size
5.8MB
-
Sample
240620-3at9nssbqg
-
MD5
ea1d29be660c9f4404c72b814fda36d4
-
SHA1
305815af5248a1f60d914cb04ae11db0b7a30d80
-
SHA256
94f13ae8d22a2679069c6ca4c8bfa8e05779b32ddc724f44211b4d218bb323ba
-
SHA512
2904984ffea1b725040043395919ecc3446517c0833682f80a325656a6895619a2704e7aca5768129fbbf62c718250d4995cfc9e168d76a6d235d9a667707891
-
SSDEEP
98304:qwHIj0tYl8+P1/ykQjXYgy/f1u0pGBF01Rh6e/6WFGXymM+s1mTZnnRN07RdhQ:qAIj0tYl8+dqPXYgu19uFwh6e/6sE9MS
Behavioral task
behavioral1
Sample
External.1.rar
Resource
win11-20240508-en
Behavioral task
behavioral2
Sample
External.exe
Resource
win11-20240611-en
Behavioral task
behavioral3
Sample
<߲�#_H.pyc
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
External.1.rar
-
Size
5.8MB
-
MD5
ea1d29be660c9f4404c72b814fda36d4
-
SHA1
305815af5248a1f60d914cb04ae11db0b7a30d80
-
SHA256
94f13ae8d22a2679069c6ca4c8bfa8e05779b32ddc724f44211b4d218bb323ba
-
SHA512
2904984ffea1b725040043395919ecc3446517c0833682f80a325656a6895619a2704e7aca5768129fbbf62c718250d4995cfc9e168d76a6d235d9a667707891
-
SSDEEP
98304:qwHIj0tYl8+P1/ykQjXYgy/f1u0pGBF01Rh6e/6WFGXymM+s1mTZnnRN07RdhQ:qAIj0tYl8+dqPXYgu19uFwh6e/6sE9MS
Score3/10 -
-
-
Target
External.1
-
Size
6.0MB
-
MD5
38fc94374662e564cbdb2d28d44fc49d
-
SHA1
c1267e0143682490d7f34c9a6c673d6d79f93314
-
SHA256
65d867387d0fa431d50eb0dd7945507a6aa8731fb6cf6e5cb9ca7674eefb6382
-
SHA512
0b33c4566f8ba179d6c4fb3aeefecd717230776cb8d7059b96ef327776ded0e22f58b6acecfe83371b154445bdf73c1dd75e1e6f1c76033b351dfbda3081f5b4
-
SSDEEP
98304:uiWJEtdFByUamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RlBMMX3JxsT+:TWIFMVeN/FJMIDJf0gsAGK4RluMET+
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
<߲�#_H.pyc
-
Size
857B
-
MD5
caf9b8a378cf7f0d16a6d437c580bf68
-
SHA1
0962b284c7dfc45bb195ec5379839dd4dac65fd5
-
SHA256
253703fe645cbaff9defd459e1e443e74f393846911ba3306b9a0bfd34e7479b
-
SHA512
efdcdae228f9cb1cda0401b5409aff15afacc1b4aa9e49b9e4cefb0b9e51c5c691d3451636fa53b807d9a20107b5cfe824c620d9826095d41bc100834a922828
Score1/10 -