General
Target: extract.rar
Size: 20.2MB
Sample: 240910-rzlhaaxhqk
MD5: fc154e8e90e53b7edcdec1303221c87b
SHA1: 6cf240924796bbdd0aee650d73fc3c0b8f3048aa
SHA256: dd142b47e5bb1625c1b8b0ede73b41101d63e59116d21029ab64794809709675
SHA512: e08d32ed5ee0ee53c491f4a4405fa5824aba1bf7d13fe4fa8ead6d15046117ffccbdfd7ef22aefac48c720653ee34893cddad120d365cda935f5f64f6d099f3c
SSDEEP: 393216:7NqvvpKx/8smzmI9HsfgQKi/F9rUFiImz/SB70dgkxyveYvxetGeVV94:cvvMx/8sqvHsfgQKmDIi6agHJesyVi
Static task: static1
Behavioral task: behavioral1
Sample: Set-up.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: Set-up.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: cryptbot
forv14pn.top
url_path: /v1/upload.php
Targets
Target: Set-up.exe
Size: 6.3MB
MD5: 334beed5851da0d5cb75bc243ba1b375
SHA1: 8e62bd80ecbbd392623bfd9145c2c52f5f072624
SHA256: e809f6469c269f3bf3aec45124bb5cecd37d41aa431bb57f9ed11c9bc789b2d9
SHA512: 906311a3f6d7ba22f5e95975df71b4d27815491404c00856767ecbde1da7115cbbddc4e234fd38c3e901175db38f8f3526d2662ac62c81a1b461f1ae02a3896a
SSDEEP: 98304:6tUNUi7mZ4QaiCDV8SpHR6gda7J2FvyJ/Ve:6ziqZ4QaN8SRR6gd6cFI/Ve
Score: 10/10
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)