General
Target: file.exe
Size: 6.3MB
Sample: 240910-ft93xaxhmp
MD5: b36f21ca653ea179246c98cda2373879
SHA1: e51277a723ca0cc7f48d8e99dbc471f42b57cb62
SHA256: ce083654b6506740c3a45c15e4fb24dcd05cd39e6509bdeeeedd330750a9511a
SHA512: 9c4baec021ce15717366fa2e29af22b28673515e5e837b4a2441842d6eaa1fe4b29d2e9f24809a38b637e18f2ba43db7848708d0ad53552fe26dcd7daa107e80
SSDEEP: 49152:LZQCY6KFqjMJ9nFpnRmTH4S3dvxqydZMuhLpR+mXsU4AXe8BRDWOvryIkAw3W:2C6R4BdvsydZrzZsU4AXNrDcIrgW
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: cryptbot
tventyv20pn.top
analforeverlovyu.top
url_path: /v1/upload.php
Targets
Target: file.exe
Size: 6.3MB
MD5: b36f21ca653ea179246c98cda2373879
SHA1: e51277a723ca0cc7f48d8e99dbc471f42b57cb62
SHA256: ce083654b6506740c3a45c15e4fb24dcd05cd39e6509bdeeeedd330750a9511a
SHA512: 9c4baec021ce15717366fa2e29af22b28673515e5e837b4a2441842d6eaa1fe4b29d2e9f24809a38b637e18f2ba43db7848708d0ad53552fe26dcd7daa107e80
SSDEEP: 49152:LZQCY6KFqjMJ9nFpnRmTH4S3dvxqydZMuhLpR+mXsU4AXe8BRDWOvryIkAw3W:2C6R4BdvsydZrzZsU4AXNrDcIrgW
Score: 10/10
Credentials from Password Stores: Credentials from Web Browsers
Malicious: Access or copy of Web Browser Credential store.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.