General
-
Target
Insidious (infected).zip
-
Size
118KB
-
Sample
241017-kzk37avajk
-
MD5
198252675b51113d75e4882308aaca8f
-
SHA1
10f28effa0d67246bb27e8fc57253b5dd6ee68f5
-
SHA256
faf5e92c9ba356368e05b0374c4ed3f2c2da36eda0fcf1cf2c2b6abab1616503
-
SHA512
ac8fd8cad0e208cbcd7b769c77d50683d565feeb5d2f2d4ee610dccb8e32f97842e24643fbf290179b9a56c07799331709fd611fb900df1d7a365fb21c3e711b
-
SSDEEP
3072:KO9vFZR0sTaxWpey0vb7jMv0zjEP12aqVm:KOj9ascDXMv3d2aqVm
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1294513700799123476/jcrDYM1wi5rgaYktzvL6L2nE50ZpJ-pdnRrXxz84NCLRYLPfCMN8DTOd97Uc_z3FKP5j
Targets
-
-
Target
Insidious.exe
-
Size
303KB
-
MD5
1667298a8a38e435c330d1decf48347a
-
SHA1
8ed1c41d7a9c59a52edc6ad608229fbd7492c763
-
SHA256
f89b8052ec6c4ab10a3332ab50b595cd675dc9043c308e0d37dc48cb6244bf72
-
SHA512
07462881d2d10db571f7e21e6d0cf115a5dbbb88c0afd3a118d88ddae2d9600db9201900866ea9e4adf0eec1f614f2f15ddac6ef69fdc5a3074f9e94eb39b203
-
SSDEEP
6144:zv1T6MDdbICydeBxbf0G3aLpbwsY6jmA1D0KJ6:zvD10G3alsbY1DL6
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-