General
-
Target
unnamedgame.exe
-
Size
6.9MB
-
Sample
240709-1r9pksxhpl
-
MD5
dd7004fc866d6f2872e0771b24d8d206
-
SHA1
adc25bdc1d43c2fe970870f3f1152029056591f2
-
SHA256
da5f0322d31a05d525ee8b37a748670be35647c692a85fdb8997742f5fed3524
-
SHA512
bb64b65790b28cbf78723e49ff21ecfe6d081f41ccccbdc2df1d3ebbd52c05f3e623c49d45820307bd1218bd8412a5ef574870f28e22898f7dfbbdfa72e69dee
-
SSDEEP
98304:Hr7YzdbM+Q2y+RvK/+6jOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbLqledV1BqDS:Hr7e/vQOjmFQR4MVGFtwLPNledV1YnO
Malware Config
Targets
-
-
Target
unnamedgame.exe
-
Size
6.9MB
-
MD5
dd7004fc866d6f2872e0771b24d8d206
-
SHA1
adc25bdc1d43c2fe970870f3f1152029056591f2
-
SHA256
da5f0322d31a05d525ee8b37a748670be35647c692a85fdb8997742f5fed3524
-
SHA512
bb64b65790b28cbf78723e49ff21ecfe6d081f41ccccbdc2df1d3ebbd52c05f3e623c49d45820307bd1218bd8412a5ef574870f28e22898f7dfbbdfa72e69dee
-
SSDEEP
98304:Hr7YzdbM+Q2y+RvK/+6jOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbLqledV1BqDS:Hr7e/vQOjmFQR4MVGFtwLPNledV1YnO
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
�A%�J��.pyc
-
Size
1KB
-
MD5
08dfe2e41d86790aca352f4afeef2d53
-
SHA1
8cf13f200eaa79044bca4aabfed494bef5ea395d
-
SHA256
20cce0e10d0ed82dab2d0060a45747f421e158eeff62f64d794de01851a36328
-
SHA512
bfcd44697c2c624c260840b2a74535b7a782b3ed12613ead2e6c7d611cbc5dbc65bf0aa0929dc57db501fb7ae3c7b0524ddfda4236c9d59dd737fbafd36dabb0
Score1/10 -