General
- Target: 4a5a3e78f26afc3439ad4c1f5245353f5cb429355471d025919435c06af89ac3
- Size: 6.4MB
- Sample: 240906-wbas4azckm
- MD5: 3d1a9c6cc39f62d16e607e3024c34945
- SHA1: 980dfcb714b0de1470f94e243af75811d0fb4552
- SHA256: 4a5a3e78f26afc3439ad4c1f5245353f5cb429355471d025919435c06af89ac3
- SHA512: 8f30abba9f60200fd1695d2ccbf24f54652f27cf6a522cf58e003baea0c8f1e7c22112570ce34545ca61418b093d642804f9bc0dc570176d55194eddc0fd25dc
- SSDEEP: 98304:yuEL8PrbbdWhkhysgPMQtupecLz8K9U4J+x3lDO2Nh5:yuO8PrbbiH9OAK9XJAD3h5
Static task: static1
Behavioral task: behavioral1
- Sample: 4a5a3e78f26afc3439ad4c1f5245353f5cb429355471d025919435c06af89ac3.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 4a5a3e78f26afc3439ad4c1f5245353f5cb429355471d025919435c06af89ac3.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: cryptbot
- tventyv20pt.top
- analforeverlovyu.top
- url_path: /v1/upload.php
Targets
- Target: 4a5a3e78f26afc3439ad4c1f5245353f5cb429355471d025919435c06af89ac3
- Score: 10/10
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copying of the web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.