General
- Target: Executor - .ggexecutor.exe
- Size: 20.5MB
- Sample: 241106-bdql4svlfj
- MD5: 6c70c518d4b59cbd04fe8ea34ef0a59f
- SHA1: ba90ac18c5388f3cc887fbd783718953652da8ad
- SHA256: c1ef62f58f140f78398e602a9df4351f8accf7a71709e5f53a6d5865605967fb
- SHA512: 7223cd939fd5f2b38046318f45d5b4993d8dbda9c1d074a255b0531c14b55c8bb37f990fb2314a5228a65836a001c396c5f07583944da64c5c94ac43906f5762
- SSDEEP: 393216:q9YiVVlj87dtwVoyo63hucVk3me5cGfdmnYM9/lNsondhLTW:q9YiVVl8ZwoQ3hrVaP5FEY8lTD
Behavioral task: behavioral1
- Sample: Executor - .ggexecutor.exe
- Resource: win7-20241010-en

Behavioral task: behavioral2
- Sample: Executor - .ggexecutor.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: Executor - .ggexecutor.exe
- Size: 20.5MB
Score: 7/10

Signatures
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)