General
- Target: channel5.exe
- Size: 6.3MB
- Sample: 240907-k5l8fawdqr
- MD5: f76c413e2e42da259c5594db6d2ab4db
- SHA1: 28480d08e96b968143424098489834c598c97f5c
- SHA256: 492515dc984b30f544dc307ac462f02a76dbdff487fd873fe47bf3c5d26cdc8e
- SHA512: fbca5f7ee919b1d3b46c8a051ceb4f44b2a22c986ab7342469575ea37951db5acb0623bb18c635ba1d8dd87f8b059914829013b07c29cb416ddbddc3e6c2e08c
- SSDEEP: 98304:kh1mIQzUtXZ7Ijhh2Wfs7YO/6/HRkRYhqaxuiomZX:khoWJZ78h2WtOi/HRkRYhNokX
Static task: static1
Behavioral task: behavioral1
- Sample: channel5.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: channel5.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: cryptbot
- thirtv13pt.top
- analforeverlovyu.top
- url_path: /v1/upload.php
Targets
- Target: channel5.exe (6.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
- Score: 10/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.