General
-
Target
Fps unblocker.exe
-
Size
8.2MB
-
Sample
240621-dx5lgs1dnj
-
MD5
7ddb809d87904ac6c2a4651090f4fa62
-
SHA1
c94cdb2c071a359163d4ca11547143ed7ba5f264
-
SHA256
ba39a2309a5d02d22de3392860dca1f0c6c299278880566b93e2e2f9eaa5d5a3
-
SHA512
d4dc0215d863b205685386332d653536736453b57be0c7653f6e8a68d6ed29967510481b6803c59ab4a43da0302c8dda3eb95454b60900fc00f53ca00974aeff
-
SSDEEP
196608:EA0cDrHrsLjv+bhqNVoBKUh8mz4Iv9PMX/O21u1D7Ah:UirHr8L+9qz8/b4IyN1uRAh
Behavioral task
behavioral1
Sample
Fps unblocker.exe
Resource
win11-20240508-en
Malware Config
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-