General
-
Target
e6b70143aaec2a59768be690eb1d83c635e373e9220e93127a5535cf2fb11d3f
-
Size
122KB
-
Sample
240819-fz9dkawdrf
-
MD5
bc5743fe2018d700b70d4fd110818f63
-
SHA1
514314703c56998beb46c1ad96cce0610b78b7dc
-
SHA256
e6b70143aaec2a59768be690eb1d83c635e373e9220e93127a5535cf2fb11d3f
-
SHA512
9cf7fb662ba98cd3ff19773adc9d87e3d0fe0e60d348ba08dfde2a1a9b1bff4ab2447ab26475d9e6213e2619920414e1c1e5c74994dfa8040f8123c838c02e8a
-
SSDEEP
3072:BgfZUN2MFqFCmgPo8Mepw+lFinQP29MtCY:qKsMFqFCmgXpw+lgQeytr
Behavioral task
behavioral1
Sample
bc3a66a87018863d22a6a7a9afd15f0af5499d021f0ede01466011e0a64a0ce1.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
bc3a66a87018863d22a6a7a9afd15f0af5499d021f0ede01466011e0a64a0ce1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1254423260591030333/Im8Y-IPgPJTWTloM0jy_llzrxAFZLtGLTGrSJEpTfiSbOm4QV3WSBgCXN7xBYLC5ajH9
Targets
-
-
Target
bc3a66a87018863d22a6a7a9afd15f0af5499d021f0ede01466011e0a64a0ce1.exe
-
Size
303KB
-
MD5
74d3f720e38b834198fee67e020bb736
-
SHA1
5fab6ccb0748a2de502b877c34d2409b1118bd30
-
SHA256
bc3a66a87018863d22a6a7a9afd15f0af5499d021f0ede01466011e0a64a0ce1
-
SHA512
f4ae410699ba0a4cc21fa946e51f5364ab13ac176627509a346bcb7924ae76b23149ba78f643211d64bc59d7eef81d304b477b3310d09eb797c07afdddee0277
-
SSDEEP
6144:b1E0T6MDdbICydeB1MnyCvG/9GzC6jmA1D0Lyf:b1z6yCvGFG+Y1D1f
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-