General
Target: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463
Size: 6.4MB
Sample: 240909-1lstwatena
MD5: 14000093998e963dcccc98a7162574c4
SHA1: 52e5c0d7fd74a697740f3780f17ca12dd526a295
SHA256: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463
SHA512: 562032fab6549498083bbbea8be678731902083f47f02a856ca4e31391c15cc16ee9ee16c164242cef333d505c8ebf56060a3a6161d3dc6926d229e644fa6f3c
SSDEEP: 98304:fBDzmHzcbKRVojDs5lfPKtVQ2rGNG6qUXynD4nuSDDC:JEzXQ/sfPCQ2rGNMFnD4HDC
Static task: static1
Behavioral task: behavioral1
Sample: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463.exe
Resource: win10v2004-20240802-en
Behavioral task: behavioral2
Sample: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463.exe
Resource: win11-20240802-en
Malware Config
Extracted family: cryptbot
C2 domains: siv6pn.top, analforeverlovyu.top
url_path: /v1/upload.php
Targets
Target: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463
Size: 6.4MB
MD5: 14000093998e963dcccc98a7162574c4
SHA1: 52e5c0d7fd74a697740f3780f17ca12dd526a295
SHA256: 40b436c682b2055091fe80c8809ed127e783cb934a1cf342d84db7dac9df6463
SHA512: 562032fab6549498083bbbea8be678731902083f47f02a856ca4e31391c15cc16ee9ee16c164242cef333d505c8ebf56060a3a6161d3dc6926d229e644fa6f3c
SSDEEP: 98304:fBDzmHzcbKRVojDs5lfPKtVQ2rGNG6qUXynD4nuSDDC:JEzXQ/sfPCQ2rGNMFnD4HDC
Score: 10/10
Signatures
Credentials from Password Stores: Credentials from Web Browsers (Malicious)
Access or copy of Web Browser Credential store.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.