General

Target: 85dfa304a2f5b3b7b45a7e8e782d521a0d999fe7a1c4906166b80491c5ff9462
Size: 6.3MB
Sample: 240907-xy537asepd
MD5: 7fcb6e3cc96ac58f0451716c0c79b9bd
SHA1: 504e3ffea9f303319b13e4c25fec4d312186b77c
SHA256: 85dfa304a2f5b3b7b45a7e8e782d521a0d999fe7a1c4906166b80491c5ff9462
SHA512: 6b23f0e1b8ea45b34b68004b42fb467bb85e4a5f81f3fd0fe81e8919f66ee31c5f4c9563fa5e74cf98f5d47cb1876e719fdd5728d0b3f9772a078cb2d34a6d05
SSDEEP: 49152:I04465dqWX8xhJXK4G+Ey1oIpULJbXvy3kKnk+fLes54oCXWnL/G3NX0FcZJwMq5:I6yJb+hTeaRrTG3NEFcMM0MSAN/S
Static task: static1

Behavioral task: behavioral1
Sample: 85dfa304a2f5b3b7b45a7e8e782d521a0d999fe7a1c4906166b80491c5ff9462.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral2
Sample: 85dfa304a2f5b3b7b45a7e8e782d521a0d999fe7a1c4906166b80491c5ff9462.exe
Resource: win11-20240802-en
Malware Config

Extracted family: cryptbot
Domains: siv6sb.top, analforeverlovyu.top
url_path: /v1/upload.php
Targets

Target: 85dfa304a2f5b3b7b45a7e8e782d521a0d999fe7a1c4906166b80491c5ff9462
Size: 6.3MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
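The extracted config (two domains plus the `/v1/upload.php` upload path) and the two registry-lookup signatures above are the parts of this report a responder would turn into detection logic. The script below is an added example, not part of the sandbox report or of any vendor tooling: it matches constructed sandbox-style event lines against those indicators. The event line format and the sample events are constructed for the example; the `Control Panel\International\Geo\Nation` path is an assumption for the "country code configured in the registry" lookup, since the report does not name the exact key, while the Uninstall key path and the C2 domains and url_path come from the report itself.

```python
"""Match sandbox-style events against the CryptBot indicators in this report.

Added example, not part of the original report. The event line format and
SAMPLE_EVENTS are constructed; GEO_NATION_RE encodes an assumed registry path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Extracted config as listed in the report.
CRYPTBOT_DOMAINS = {"siv6sb.top", "analforeverlovyu.top"}
CRYPTBOT_URL_PATH = "/v1/upload.php"

# "Checks installed software": Uninstall key enumeration (both native and WOW6432Node views).
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I
)
# "Checks computer location settings": ASSUMPTION that the country-code lookup
# reads the Geo\Nation value; the report only says "country code configured in the registry".
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


@dataclass
class Event:
    kind: str    # "reg_query" or "http"
    pid: int
    detail: str  # registry path or full URL


def parse_event(line: str) -> Optional[Event]:
    """Parse one constructed event line of the form '<kind> pid=<n> <detail>'."""
    m = re.match(r"^(reg_query|http)\s+pid=(\d+)\s+(.+)$", line)
    if not m:
        return None
    return Event(kind=m.group(1), pid=int(m.group(2)), detail=m.group(3))


def match_c2(url: str) -> bool:
    """True when the request targets an extracted domain at the configured url_path."""
    m = re.match(r"^https?://([^/:]+)(?::\d+)?(/[^?#]*)?", url, re.I)
    if not m:
        return False
    host, path = m.group(1).lower(), (m.group(2) or "/")
    return host in CRYPTBOT_DOMAINS and path == CRYPTBOT_URL_PATH


def triage(lines: Iterable[str]) -> dict[str, list[int]]:
    """Return each signature name mapped to the sorted PIDs that triggered it."""
    hits: dict[str, set[int]] = {
        "installed_software_enum": set(),
        "geofence_country_lookup": set(),
        "cryptbot_c2": set(),
    }
    for line in lines:
        ev = parse_event(line.strip())
        if ev is None:
            continue  # unparseable line: skip rather than guess
        if ev.kind == "reg_query":
            if UNINSTALL_KEY_RE.search(ev.detail):
                hits["installed_software_enum"].add(ev.pid)
            elif GEO_NATION_RE.search(ev.detail):
                hits["geofence_country_lookup"].add(ev.pid)
        elif ev.kind == "http" and match_c2(ev.detail):
            hits["cryptbot_c2"].add(ev.pid)
    return {name: sorted(pids) for name, pids in hits.items()}


# Constructed sample events (not taken from the report's sandbox run).
SAMPLE_EVENTS = [
    "reg_query pid=4120 HKCU\\Control Panel\\International\\Geo\\Nation",
    "reg_query pid=4120 HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ABCD}",
    "reg_query pid=4120 HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "reg_query pid=888 HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "http pid=4120 http://siv6sb.top/v1/upload.php",
    "http pid=4120 http://analforeverlovyu.top/index.html",
    "http pid=2200 https://example.com/v1/upload.php",
]

if __name__ == "__main__":
    for sig, pids in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {pids or 'no hits'}")
```

Only process 4120 trips all three checks: PID 888 reads an unrelated Run key, and the request to example.com uses the right path but a host not in the extracted config, so host and path are matched together rather than either alone.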