General
Target: ToulouseGame.exe
Size: 57.3MB
Sample: 241023-trfceayhqa
MD5: c958b07557ca9c4a96188bf83a81cc9f
SHA1: fe564077a9cd8bf94b47a2e75bab83b2fa43169a
SHA256: 02cc4c1ff1c024ec184182e0053a550a947d6712177ac8c4674b60e8208f2d10
SHA512: f40b944a6db35a9c90b6b5c718b2b0670c0591c933e1e89cf3e8ac2c663161137d8d4f7c617e19c37af66dbbde3cb96c69d5c6d549edc0ba48f477a823f21dd9
SSDEEP: 786432:B9/QTk67QqMoknvNpA+vIlo0FdGgCdbzKvIjjk3ESWqEjT/4ijbCxXTv:3/QwYQqMrlpA+Ql4JdKvIswqm3wD
Static task: static1
Behavioral task: behavioral1
Sample: ToulouseGame.exe
Resource: win10v2004-20241007-fr
Malware Config: (none listed)
Targets
Target: ToulouseGame.exe (57.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values under General above)
Signatures
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15 (the trailing number is the report's hit count for each technique)
Credential Access
Credentials from Password Stores (T1555): 1
  Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 3
  Credentials In Files (T1552.001): 3
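The signature names above are the sandbox's behavioural verdicts, and the ATT&CK table is a roll-up of those hits. To make the relationship concrete, here is an added example (not the sandbox's own rule set and not code from the report) that re-implements those signatures as simple detection logic over a constructed list of sandbox-style events. The event tuples, file paths, hostnames and the `evaluate`/`attack_summary` functions are all assumptions made for this illustration; the ATT&CK technique IDs are the real Enterprise IDs for the techniques named on the page plus T1547.001 for the startup-folder drop. The constructed events are chosen so that the credential-access counts come out as 1 and 3, matching the table above.

```python
"""Toy re-implementation of the behavioural signatures in the report, run over
constructed sandbox-style events. Illustrative only; not the sandbox's rules."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed events, not taken from the report: (kind, process, detail).
# http_response carries "url|first-bytes-of-body"; set_attributes carries "path|flag".
SAMPLE_EVENTS = [
    ("file_write",     "ToulouseGame.exe", r"C:\Users\u\AppData\Local\Temp\helper.dll"),
    ("file_write",     "ToulouseGame.exe", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    ("process_create", "ToulouseGame.exe", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    ("image_load",     "svc.exe",          r"C:\Users\u\AppData\Local\Temp\helper.dll"),
    ("file_read",      "svc.exe",          r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read",      "svc.exe",          r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("file_read",      "svc.exe",          r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("set_attributes", "svc.exe",          r"C:\Users\u\AppData\Roaming\cache|FILE_ATTRIBUTE_HIDDEN"),
    ("http_get",       "svc.exe",          "https://api.ipify.org/"),
    ("http_response",  "svc.exe",          "https://cdn.discordapp.com/attachments/1/2/x.bin|MZ\x90\x00\x03"),
]

# Hypothetical indicator lists; a real sandbox keeps far longer ones.
STARTUP_DIR   = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
BROWSER_CREDS = re.compile(r"\\(Login Data|logins\.json|key4\.db|Web Data)$", re.I)
WALLET_PATHS  = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Atomic)\\|wallet\.dat$", re.I)
IP_LOOKUP     = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "checkip.amazonaws.com"}
HOSTING_SVCS  = {"cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com", "transfer.sh"}

# Signature -> ATT&CK Enterprise technique, for the signatures with a clear mapping.
ATTACK = {
    "Drops startup file": "T1547.001",
    "Unsecured Credentials: Credentials In Files": "T1552.001",
    "Credentials from Web Browsers": "T1555.003",
    "Hide Artifacts: Hidden Files and Directories": "T1564.001",
}


def evaluate(events):
    """Return a Counter of signature name -> number of matching events."""
    hits = Counter()
    dropped = set()  # paths written by a monitored process; "dropped" files
    for kind, proc, detail in events:
        if kind == "file_write":
            dropped.add(detail.lower())
            if STARTUP_DIR.search(detail):
                hits["Drops startup file"] += 1
        elif kind == "process_create" and detail.lower() in dropped:
            hits["Executes dropped EXE"] += 1
        elif kind == "image_load" and detail.lower() in dropped:
            hits["Loads dropped DLL"] += 1
        elif kind == "file_read":
            # Browser login stores and wallet files are both "credentials in files".
            if BROWSER_CREDS.search(detail):
                hits["Credentials from Web Browsers"] += 1
                hits["Unsecured Credentials: Credentials In Files"] += 1
            if WALLET_PATHS.search(detail):
                hits["Accesses cryptocurrency files/wallets, possible credential harvesting"] += 1
                hits["Unsecured Credentials: Credentials In Files"] += 1
        elif kind == "set_attributes" and detail.endswith("|FILE_ATTRIBUTE_HIDDEN"):
            hits["Hide Artifacts: Hidden Files and Directories"] += 1
        elif kind in ("http_get", "http_response"):
            url, _, body = detail.partition("|")
            host = urlparse(url).hostname or ""
            if host in IP_LOOKUP:
                hits["Looks up external IP address via web service"] += 1
            if host in HOSTING_SVCS:
                hits["Legitimate hosting services abused for malware hosting/C2"] += 1
            if kind == "http_response" and body.startswith("MZ"):  # PE magic
                hits["Downloads MZ/PE file"] += 1
    return hits


def attack_summary(hits):
    """Roll signature hits up to ATT&CK technique IDs, e.g. {'T1552.001': 3}."""
    out = Counter()
    for sig, n in hits.items():
        if sig in ATTACK:
            out[ATTACK[sig]] += n
    return dict(out)


if __name__ == "__main__":
    h = evaluate(SAMPLE_EVENTS)
    for sig, n in sorted(h.items()):
        print(f"{n}  {sig}")
    print(attack_summary(h))
```

The two-pass idea (record what the sample writes, then flag later executions and loads of those same paths) is what turns raw file and process events into "Executes dropped EXE" and "Loads dropped DLL"; the credential-file signatures are pure path matching, which is why a single run on a real host can produce several hits for one technique.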