General
-
Target
main.exe
-
Size
9.5MB
-
Sample
240628-v1zyvaxdpe
-
MD5
0577222f4607d307dbd8e296bfba4bcc
-
SHA1
cc99671a69c02c65a9e65683215eff9ec4bccf24
-
SHA256
fa68fb7b9b57f1ad358e829acee0b7db926d78a5f5a4434837fa96b4653c2cb7
-
SHA512
709cdbf8ac69d1aa0b4cdaf390278e15d71e07f8df2557f5c143580917ae23060b307f8c197e5fb7c49071ecdad63f6226da9bd510069a6c36a0ba70ed3e9dab
-
SSDEEP
98304:bV5Y4P6vQBpwXgOlx8UJEZMFdEMaMFQvpI3:sW6vQ8d8UJE+FOMKpI3
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1255141785198526518/HbSOi96D9xFWcHRfLUc1hVxDYiJ62EQpodIyKyp_rqp3Dh_0SCxyj3iTrpm92a_OBpFr
Targets
-
-
Target
main.exe
-
Size
9.5MB
-
MD5
0577222f4607d307dbd8e296bfba4bcc
-
SHA1
cc99671a69c02c65a9e65683215eff9ec4bccf24
-
SHA256
fa68fb7b9b57f1ad358e829acee0b7db926d78a5f5a4434837fa96b4653c2cb7
-
SHA512
709cdbf8ac69d1aa0b4cdaf390278e15d71e07f8df2557f5c143580917ae23060b307f8c197e5fb7c49071ecdad63f6226da9bd510069a6c36a0ba70ed3e9dab
-
SSDEEP
98304:bV5Y4P6vQBpwXgOlx8UJEZMFdEMaMFQvpI3:sW6vQ8d8UJE+FOMKpI3
-
Drops file in Drivers directory
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1