General
-
Target
2cb0c308999d3a1b70fd9b9151a4120c.bin
-
Size
7.3MB
-
Sample
240626-cstsrasakr
-
MD5
2cb0c308999d3a1b70fd9b9151a4120c
-
SHA1
82e6238433e83cd4c94108748439f93c861e73fa
-
SHA256
b10488502194f6a2ba6bdf545d38f5c636f0f821564b0a174a573beaee2dfe01
-
SHA512
15fd8ace5ff6ff21a8f218fd900adab75017dbb3c6a7cbe84643627b6e44de307f74dd2a2dde928b02d9cace0074767bf0cf9d4ed2caf58c5ef7850aa601f046
-
SSDEEP
196608:D10cDepLjv+bhqNVoBKUh8mz4Iv9Pfu1D78:WieRL+9qz8/b4IBuR8
Behavioral task
behavioral1
Sample
2cb0c308999d3a1b70fd9b9151a4120c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2cb0c308999d3a1b70fd9b9151a4120c.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2cb0c308999d3a1b70fd9b9151a4120c.bin
-
Size
7.3MB
-
MD5
2cb0c308999d3a1b70fd9b9151a4120c
-
SHA1
82e6238433e83cd4c94108748439f93c861e73fa
-
SHA256
b10488502194f6a2ba6bdf545d38f5c636f0f821564b0a174a573beaee2dfe01
-
SHA512
15fd8ace5ff6ff21a8f218fd900adab75017dbb3c6a7cbe84643627b6e44de307f74dd2a2dde928b02d9cace0074767bf0cf9d4ed2caf58c5ef7850aa601f046
-
SSDEEP
196608:D10cDepLjv+bhqNVoBKUh8mz4Iv9Pfu1D78:WieRL+9qz8/b4IBuR8
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-