General
-
Target
12112024_0002_Payload.exe
-
Size
25.0MB
-
Sample
241112-abp25atjar
-
MD5
a0044986eec99f4b05358f1457be6ee8
-
SHA1
bed5076d966b94c942487fd04e7074e861235ba2
-
SHA256
24c7c6cc3124b20c717ac485e263193e351f0ab2e672b353b38688ba218bda9a
-
SHA512
3ddb80bb5957cf514180692550fc5e3a916cb75d0cb99433924399f8185c0466eaf5deb6c77cb92daee3e9eec251a4479dfdf7968bd55bb47645a24d596860c3
-
SSDEEP
786432:i9YiJVl8ZMj3hr8AW+e5RP96R+c+U4VdF5Kd:i98a3hr8AW+eHPgR6U4VdXKd
Behavioral task
behavioral1
Sample
12112024_0002_Payload.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
12112024_0002_Payload.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
12112024_0002_Payload.exe
-
Score
7/10
-
Drops startup file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-