General
Target: 2conturi.exe
Size: 6.3MB
Sample: 240623-p8kk8s1dqc
MD5: 492dac44e56be4fbf25bace24bace15f
SHA1: 866d9574dd56590275728a44d0329f51ad2aaee5
SHA256: 5c62b5baeed56897d9bc76d27f168e773bc754ab47397db591b6d64d4f955c49
SHA512: db55ad57d6419562690f596eb3611e938830f53d27e34849eda41aabc67efa225c7706f6543c731c03f2963f5df28d145001861ae981a325adb3b939af12df87
SSDEEP: 98304:IgXdPJ75YthU6TccRacg/BGfO1q4HNK0zbup/xzcq8zAFPmv9JT1sOBN3o1pg:L5e66TraRRnz+R8zmPm1D7x
Behavioral task: behavioral1
Sample: 2conturi.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-