Resubmissions

08-07-2024 18:48

240708-xfyamatapr 10

08-07-2024 18:25

240708-w2l9tascqp 10

General

  • Target

    BloodFMx64x.exe

  • Size

    21.9MB

  • MD5

    702ab1cadcca9c85d9d3e577d28371c6

  • SHA1

    606addfb7b10515f41e61e5832fdf45abc483bee

  • SHA256

    9f8c98828eecab0beeb2f6db642a2820ba10160379663756cc7723d7df1f7de6

  • SHA512

    7f4304ff36f1a5c9302ecd67d9bc1b3b9e3e15733819d904642856d2b740b827abb8cff7368f3c99e74520bf87fc247297bf6f4b97443a4ac5100ceb9142ce79

  • SSDEEP

    393216:iu7L/sQ1DKmr2pu0tTtdQuslRl99oWOv+9ge6DRXAbejH:iCL0Q1DKmr2puI5dQuqDorvSghRwbO

Malware Config

Signatures

  • An infostealer written in Python and packaged with PyInstaller. 1 IoCs
  • Crealstealer family
  • Nanocore family
  • Njrat family
  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • BloodFMx64x.exe
    .exe windows:5 windows x86 arch:x86

    9222d372923baed7aa9dfa28449a94ea



  • Creal.pyc