General
Target: StartBotNet.exe
Size: 6.9MB
Sample: 240624-q4gt8aydqr
MD5: 49a84723ce9c5eb7b023e5650b05f987
SHA1: 7d7895834e26df3bcf292717bed20d4107c788fe
SHA256: a2cffb22e4f0fd46b17626c25ed79cd04f5e166352ece6fcfe4bf3685a943c15
SHA512: 789ced61880b4612ec99e21a3f56315a88d0483b5340a9a9b87f11f5face6a256c985dd40e60ff0ae93f6c59a51f9550bad07dbe239800a293d1d8338171f441
SSDEEP: 98304:3vDjWM8JEE1rBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFWR:3v0MeNTfm/pf+xk4dWRGtrbWOjgWyr
Behavioral task: behavioral1
Sample: StartBotNet.exe
Resource: win10v2004-20240611-en

Behavioral task: behavioral2
Sample: WA��.pyc
Resource: win10v2004-20240611-en
Malware Config

Targets

Target: StartBotNet.exe
Size: 6.9MB
MD5: 49a84723ce9c5eb7b023e5650b05f987
SHA1: 7d7895834e26df3bcf292717bed20d4107c788fe
SHA256: a2cffb22e4f0fd46b17626c25ed79cd04f5e166352ece6fcfe4bf3685a943c15
SHA512: 789ced61880b4612ec99e21a3f56315a88d0483b5340a9a9b87f11f5face6a256c985dd40e60ff0ae93f6c59a51f9550bad07dbe239800a293d1d8338171f441
SSDEEP: 98304:3vDjWM8JEE1rBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFWR:3v0MeNTfm/pf+xk4dWRGtrbWOjgWyr
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories

Target: WA��.pyc
Size: 1KB
MD5: 1389e21e7fce0794d5cfa31ebb28c746
SHA1: defbb515439644f4263d0b8aefc19cae4526cfdf
SHA256: 4e30657ffd9b127022c7d293758f3878c36eac3f297912b605e2815643f9e41b
SHA512: 99b299eae15cbce1cc4b5b89390ae14227b36eea792663b61ddc3b021aace4a9ecc89aec6f492d1f23f208aa98d02e4ad03ffce9c5b954ec9fcd5de99d76cb19

Score: 1/10