General
-
Target
FindWalletv3.2-Crack.exe
-
Size
3.6MB
-
Sample
241025-hmxv4sxckn
-
MD5
a5aad19f2467992040dce284a1d34016
-
SHA1
9bf000680f2870272ba9f0403ca4dc526fb7c16c
-
SHA256
6131f59ade95f5aaf4f78c1cbd31f033ae508bae3418d30ad9b7e35e3f96beb6
-
SHA512
826ba74121fc2da46e5c2c84bd758b367febbb90ff408abc723c4e7add75a8b3991fa21f19eae884b1979d9fe845d6fa5ef68a33c4a815c0d90bc58b83ef3d47
-
SSDEEP
24576:E8j/svhs+hp5kH4vysV988IMf4r27GCS040YVqxzvXyKxNt38GT8JDPVv5+2tsbV:E8j/MW+ise8IW4rF5ovXy6t7BQj1PU
Behavioral task
behavioral1
Sample
FindWalletv3.2-Crack.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FindWalletv3.2-Crack.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
StormKitty payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1
Credentials from Web Browsers
1
Unsecured Credentials
2
Credentials In Files
2