General
- Target: ef3eb2d2f41b013f9ea91d2341504dc3f4dcca244ca37853e87577f870945882
- Size: 6.3MB
- Sample: 240906-l9rt6a1djb
- MD5: 71c2237a47fb22f1a0f18c607922d961
- SHA1: 4a8fd6856e5cdb6e16bcd5bf7e51dfe451e00d57
- SHA256: ef3eb2d2f41b013f9ea91d2341504dc3f4dcca244ca37853e87577f870945882
- SHA512: e83c37407b412acbb1e31c00717ee14db18ba44ad61c38c1804519f812e5f555bfb9b009a6e60bdb9e9660a8edb95cb126e326849267a4ac774c89d060dbfabd
- SSDEEP: 49152:ME9iLsYFZK55qIeTnCp9XdeOzamT0q7bunoh4HRLYipbY9wty7pu2Y1gwsfWY/RN:J2+5JeYt/T06unoaHF77F3zOJGP12
Static task
- static1
Behavioral task
- behavioral1
  Sample: ef3eb2d2f41b013f9ea91d2341504dc3f4dcca244ca37853e87577f870945882.exe
  Resource: win10v2004-20240802-en
Behavioral task
- behavioral2
  Sample: ef3eb2d2f41b013f9ea91d2341504dc3f4dcca244ca37853e87577f870945882.exe
  Resource: win11-20240802-en
Malware Config
Extracted
- cryptbot
- threv3pt.top
- analforeverlovyu.top
- url_path: /v1/upload.php
Targets
- Target: ef3eb2d2f41b013f9ea91d2341504dc3f4dcca244ca37853e87577f870945882
- Size: 6.3MB
Score: 10/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.