General
-
Target
update.exe
-
Size
11.1MB
-
Sample
241014-yxc7fsxgrq
-
MD5
1d35392329ef25a999a70878f624c113
-
SHA1
e37f93b696df4530c79344336e7395f02ae4ab30
-
SHA256
65d94a848093db27c5152b5a24363bff340dd4f755d1d4bf77fa889f3628aab2
-
SHA512
2f03167bfe333ab1eb1c679066c815a03422f7993328c11748866128496a38a0f41573647ea5e2b7a9d490fa64f075feb193a33f387e4c3da63c723d47f5ecf2
-
SSDEEP
196608:eW9Yi0nCtNUHVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6kal8+iITxS:P9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTV/
Behavioral task
behavioral1
Sample
update.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
update.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
update.exe
-
Size
11.1MB
-
MD5
1d35392329ef25a999a70878f624c113
-
SHA1
e37f93b696df4530c79344336e7395f02ae4ab30
-
SHA256
65d94a848093db27c5152b5a24363bff340dd4f755d1d4bf77fa889f3628aab2
-
SHA512
2f03167bfe333ab1eb1c679066c815a03422f7993328c11748866128496a38a0f41573647ea5e2b7a9d490fa64f075feb193a33f387e4c3da63c723d47f5ecf2
-
SSDEEP
196608:eW9Yi0nCtNUHVEo+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6kal8+iITxS:P9Yi0CtmHVEb2XMCHWUjAjx5WsqWxTV/
Score7/10-
Drops startup file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-