General
Target: YALLO.exe
Size: 6.7MB
Sample: 240624-sxkzeazajb
MD5: 885338d04845c09509ec54d674507405
SHA1: 628134668e84bad25631a847d4b52ee70c02759a
SHA256: cc0677ded0c7e2090461aeb331e5ff5196a96a41e21293298a1022e32c089ac0
SHA512: 53fb136683ca7b8fec1d8a3699d70b6f371f6ca98db1f57c3d44ac26ad2fd539a3c157fe41e6c5d20f7dd3dfefc9f829d7d6970e38dbc27f3da54541c0e8104e
SSDEEP: 196608:65Fh0peN/FJMIDJf0gsAGK5SEQRWuAKuKgi8:G0a/Fqyf0gsfNRAKW
Behavioral tasks
Task          Sample         Resource
behavioral1   YALLO.exe      win7-20240221-en
behavioral2   YALLO.exe      win10v2004-20240611-en
behavioral3   m������.pyc    win7-20240221-en
behavioral4   m������.pyc    win10v2004-20240611-en
Malware Config
Targets

Target: YALLO.exe
Size: 6.7MB
Hashes: identical to the General section above (MD5, SHA1, SHA256, SHA512, SSDEEP).
Signatures:
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories (MITRE ATT&CK T1564.001)
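The signature list above names behaviours without showing how a sandbox derives them from an execution trace. The following Python is an added example, not the sandbox's own signature engine and not code from the sample: it runs a toy version of the same rules over a constructed event trace. The IP-lookup hostnames, hosting-service hostnames, wallet path fragments, file paths and event records are all assumptions chosen to exercise each signature, not observations from YALLO.exe.

```python
"""Toy behavioural triage: map constructed sandbox events to the signature
names used in the report above.

Added example. Not the sandbox's own signature engine; every hostname, path
fragment and event below is an assumption chosen to mirror the report's
signature names, not data observed from YALLO.exe.
"""
import re

# Assumption: representative public IP-echo services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com"}
# Assumption: legitimate hosting services commonly abused for staging or C2.
HOSTING_HOSTS = {"cdn.discordapp.com", "discord.com", "pastebin.com",
                 "raw.githubusercontent.com"}
# Assumption: path fragments that identify cryptocurrency wallet data.
WALLET_MARKERS = ("\\wallet.dat", "\\electrum\\", "\\exodus\\", "\\ethereum\\keystore")
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)


def triage(events):
    """Return the set of signature names triggered by an ordered event list.

    Events are dicts with a "type" key; unknown types are ignored. Order
    matters: "dropped" means written by the sample earlier in the same run,
    so executing or loading a pre-existing system file never counts.
    """
    hits = set()
    dropped = set()  # lower-cased paths the sample wrote during the run
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"]
            dropped.add(path.lower())
            if DRIVERS_DIR.match(path):
                hits.add("Drops file in Drivers directory")
        elif kind == "file_read":
            if any(m in ev["path"].lower() for m in WALLET_MARKERS):
                hits.add("Accesses cryptocurrency files/wallets, possible credential harvesting")
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "load_image":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "dns":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if host in HOSTING_HOSTS:
                hits.add("Legitimate hosting services abused for malware hosting/C2")
        elif kind == "file_attrib":
            if "hidden" in ev["flags"]:
                hits.add("Hide Artifacts: Hidden Files and Directories")
    return hits


# Constructed event trace (not from the real sample) that exercises every rule.
TMP = r"C:\Users\victim\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\sample.sys"},
    {"type": "file_write", "path": TMP + r"\helper.dll"},
    {"type": "load_image", "image": TMP + r"\helper.dll"},
    {"type": "file_write", "path": TMP + r"\stage2.exe"},
    {"type": "process_create", "image": TMP + r"\stage2.exe"},
    {"type": "file_attrib", "path": TMP + r"\stage2.exe", "flags": ["hidden", "system"]},
    {"type": "file_read",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "dns", "host": "api.ipify.org"},
    {"type": "dns", "host": "cdn.discordapp.com"},
    # Launching a pre-existing system binary must not count as a dropped EXE.
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe"},
]


if __name__ == "__main__":
    for sig in sorted(triage(SAMPLE_EVENTS)):
        print(sig)
```

Two caveats carry over to reading real reports: the external-IP lookup and hosting-service rules fire on hostnames that plenty of benign software also contacts, so on their own they are weak evidence, and "dropped" only means the file was written during the traced run, so a sample that executes a binary it merely finds on disk will not trigger those rules.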
Target: m������.pyc
Size: 857B
MD5: 234f24e9edee311525c9a5c685be601a
SHA1: 4a7c11002b709b9963f47bd4f6188afb73e282c1
SHA256: 0a2b2cf86efe93717bedc31080d52a26df3ba5c174e309c971e2f52e837e269c
SHA512: 241f311529ca6125f7bf26a1d10b66b010d27a001b1e30426936cb8d2fa8c5389bc82fcf7f6c2dee5e14d49f058e3edc5879578d21a13b222fe1145d573505fc
Score: 1/10