General
-
Target
66dd5fafdeab3_lyla.exe
-
Size
6.4MB
-
Sample
240908-pqqpjawdlp
-
MD5
cb5ad18649a907f49154af26ad332030
-
SHA1
46acabf085b42f39bf085432ce436a2d895d8dad
-
SHA256
8874ee4d9c878a6dc7f2681ec36df05cb09c44ccb3be0ec89569f5bdece80519
-
SHA512
36363dde451354f6e87ee48a2b68a55cec92887a49e40844141e60ff9374b694aa6a3225a20dfb3f496d1fe0ebf6be7551adf1109ae037dfa80ad7387a19cd8c
-
SSDEEP
98304:nrNPA5ZwbswWhll1i2BXyv7KAqGSHqstqtZQbYSx:nrNA0ii2BX8xWqtZQsSx
Static task
static1
Behavioral task
behavioral1
Sample
66dd5fafdeab3_lyla.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
66dd5fafdeab3_lyla.exe
Resource
win7-20240729-en
Behavioral task
behavioral3
Sample
66dd5fafdeab3_lyla.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
66dd5fafdeab3_lyla.exe
Resource
win11-20240802-en
Malware Config
Extracted
cryptbot
tventyv20sb.top
analforeverlovyu.top
-
url_path
/v1/upload.php
Targets
-
-
Target
66dd5fafdeab3_lyla.exe
-
Size
6.4MB
-
MD5
cb5ad18649a907f49154af26ad332030
-
SHA1
46acabf085b42f39bf085432ce436a2d895d8dad
-
SHA256
8874ee4d9c878a6dc7f2681ec36df05cb09c44ccb3be0ec89569f5bdece80519
-
SHA512
36363dde451354f6e87ee48a2b68a55cec92887a49e40844141e60ff9374b694aa6a3225a20dfb3f496d1fe0ebf6be7551adf1109ae037dfa80ad7387a19cd8c
-
SSDEEP
98304:nrNPA5ZwbswWhll1i2BXyv7KAqGSHqstqtZQbYSx:nrNA0ii2BX8xWqtZQsSx
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-