General

Target: StartBotNet.exe
Size: 6.9MB
Sample: 240624-s5q6dszdlf
MD5: 49a84723ce9c5eb7b023e5650b05f987
SHA1: 7d7895834e26df3bcf292717bed20d4107c788fe
SHA256: a2cffb22e4f0fd46b17626c25ed79cd04f5e166352ece6fcfe4bf3685a943c15
SHA512: 789ced61880b4612ec99e21a3f56315a88d0483b5340a9a9b87f11f5face6a256c985dd40e60ff0ae93f6c59a51f9550bad07dbe239800a293d1d8338171f441
SSDEEP: 98304:3vDjWM8JEE1rBamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRGYKJJcGhEIFWR:3v0MeNTfm/pf+xk4dWRGtrbWOjgWyr
Behavioral task: behavioral1
Sample: StartBotNet.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: StartBotNet.exe
Resource: win10v2004-20240611-en
Malware Config

Targets

Target: StartBotNet.exe
Size: 6.9MB
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories