General
Target: Yenn Cool.exe
Size: 13.7MB
Sample: 241112-wnww4axjas
MD5: d89381619305364692ac8909829bb530
SHA1: ff72c031096443048764a2bebdc482efeb605de1
SHA256: 7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591
SHA512: f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3
SSDEEP: 393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So
Behavioral task: behavioral1
Sample: Yenn Cool.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: Yenn Cool.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Yenn Cool.exe
Size: 13.7MB
MD5: d89381619305364692ac8909829bb530
SHA1: ff72c031096443048764a2bebdc482efeb605de1
SHA256: 7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591
SHA512: f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3
SSDEEP: 393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So
Score: 7/10
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
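The signatures above are the kind of behavioural rules a sandbox raises by matching file, DLL-load and network events from the run against known-bad patterns. The following is an added worked example of that matching, not Triage's own detection code and not derived from this sample's trace (the report does not publish the underlying events). The event format, every path and host name, and the sample event list are constructed for the illustration; the host and path patterns are assumptions standing in for whatever a real engine carries.

```python
"""Toy behavioural-signature matcher over a sandbox event trace.

Added example, not the sandbox's own logic. Events are dicts with a
"type" of file_write / file_read / load_dll / http, a "proc" name, and
either a "path" or a "host"/"url". Everything below is constructed.
"""
import re

# Constructed sample trace (not taken from the report's run).
SAMPLE_EVENTS = [
    {"type": "file_write", "proc": "Yenn Cool.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"},
    {"type": "file_write", "proc": "Yenn Cool.exe",
     "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "load_dll", "proc": "Yenn Cool.exe",
     "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "file_read", "proc": "Yenn Cool.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file_read", "proc": "Yenn Cool.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
    {"type": "http", "proc": "Yenn Cool.exe", "host": "api.ipify.org",
     "url": "https://api.ipify.org/?format=json"},
    {"type": "http", "proc": "Yenn Cool.exe", "host": "discord.com",
     "url": "https://discord.com/api/webhooks/0000/example"},
]

# Assumed patterns; a real engine carries far longer lists.
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.I)
CRED_FILE_RE = re.compile(
    r"(\\logins\.json$|\\login data$|\\key4\.db$|\.rdp$|\\\.git-credentials$)", re.I)
WALLET_RE = re.compile(
    r"\\(exodus|electrum|ethereum\\keystore|bitcoin|atomic|monero)\\|\\wallet\.dat$", re.I)
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io",
                   "icanhazip.com", "checkip.amazonaws.com"}
LEGIT_HOSTING_HOSTS = {"discord.com", "cdn.discordapp.com", "pastebin.com",
                       "raw.githubusercontent.com", "api.telegram.org"}


def _norm(path):
    """Normalise a Windows path for case-insensitive, slash-agnostic matching."""
    return path.replace("/", "\\").lower()


def match_signatures(events):
    """Return {signature_name: [evidence events]} for every signature that fires.

    The trace is walked in order so that 'Loads dropped DLL' only fires for a
    DLL the same process wrote earlier in the run; loading a DLL that was
    already on disk is not evidence of dropping.
    """
    hits = {}

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    written = set()  # (proc, normalised path) pairs the sample has written
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            p = _norm(ev["path"])
            written.add((ev["proc"], p))
            if STARTUP_RE.search(p):
                hit("Drops startup file", ev)
        elif kind == "load_dll":
            p = _norm(ev["path"])
            if (ev["proc"], p) in written:
                hit("Loads dropped DLL", ev)
        elif kind == "file_read":
            p = _norm(ev["path"])
            if CRED_FILE_RE.search(p):
                hit("Unsecured Credentials: Credentials In Files", ev)
            if WALLET_RE.search(p):
                hit("Accesses cryptocurrency files/wallets, possible credential harvesting", ev)
        elif kind == "http":
            host = ev["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", ev)
            if host in LEGIT_HOSTING_HOSTS:
                hit("Legitimate hosting services abused for malware hosting/C2", ev)
    return hits


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evidence)} event(s)")
```

The ordering check in the DLL rule is the part worth copying: a stateless "load_dll under %TEMP%" rule fires on plenty of benign installers, whereas requiring the loading process to have written the file earlier in the same trace ties the load to the sample's own drop.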