General
- Target: ROBOTJET.exe
- Size: 7.4MB
- Sample: 240628-xe277asbjn
- MD5: 409d59e9aa04abe27cfe3b8414178f2e
- SHA1: 56f8666217da380b91b4688d3d5f9c9e104e4bc3
- SHA256: ec408b6c24db96b4b54e173e34c749330ae72640c715a6f67f2590bb249e26a7
- SHA512: 32238b3325bb36fe3f85a5c7dcc521654907aea771510989caaaeb684edef56f5142cd01eee068ed2f679053442e746a7964c185248ee414237f3ea3159d4be1
- SSDEEP: 196608:KA0cD/OD64Ljv+bhqNVoBKUh8mz4Iv9PwHtVe:oi/OD/L+9qz8/b4Iy/e
Behavioral tasks
- behavioral1: Sample ROBOTJET.exe, Resource win7-20240508-en
- behavioral2: Sample ROBOTJET.exe, Resource win10v2004-20240508-en
Malware Config
Targets
- Target: ROBOTJET.exe
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.