General
Target: build.exe
Size: 6.9MB
Sample: 240629-gfrj3svfqm
MD5: 4fa078342c6a273bbac064ee2b7f8e05
SHA1: 70072ac8a487353ea0c2e15bb8999596b8aa33a9
SHA256: c5a659ee3adc8a65101dcbee49af33f4aa9450cfe9f7230c462f49bb70f3d596
SHA512: 978e70f151ba9b05bc304d3609fe5669b3918c5dbbbeed357a5310cb4cfd385a60c77f7488af87ffd25185b356a26268c6e41010c39e2d101665b303a57c2b0a
SSDEEP: 98304:XnzHqdVfB2FS27w2S3yuT/9vUIdD9C+z3zO917vOTh+ezDNh79vmJ1nmOBN9n4m7:XLQsBS3bT/9bvLz3S1bA3zsn97+0F
Behavioral task: behavioral1
Sample: build.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: build.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: build.exe
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories