General

Target: Astro Valo.exe
Size: 8.2MB
Sample: 240629-2cm3ps1flq
MD5: 22c131fe3790abbc8d38cdc29f79ee01
SHA1: d5c75544dba473af94bbe4bcd76bd2aeae47fb40
SHA256: 676549d19874263b561eecbd5ec44bf9ed0587152b988eec8ee3b1511a1cde0b
SHA512: 8d8fc2d701411ac59f5867c1013f94d1ad0519373f802bd5b01021faeb37c6c7d7aa8bf25d7e6486d17b86ffce636e0284a696869de03302847f859d462fb4cd
SSDEEP: 196608:oj8P5/Ljv+bhqNVoB0SEsucQZ41JBEPIM11t2:m8P5TL+9qz80SJHQK1JK/1v2

Behavioral task

behavioral1
Sample: Astro Valo.exe
Resource: win11-20240611-en

Malware Config

Targets
Target: Astro Valo.exe
Score: 8/10

- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories