General
Target: Yenn Cool.exe
Size: 13.7MB
Sample: 241112-wvr7gsybnd
MD5: d89381619305364692ac8909829bb530
SHA1: ff72c031096443048764a2bebdc482efeb605de1
SHA256: 7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591
SHA512: f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3
SSDEEP: 393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So
Behavioral task: behavioral1
Sample: Yenn Cool.exe
Resource: win10ltsc2021-20241023-en

Behavioral task: behavioral2
Sample: Yenn Cool.exe
Resource: win11-20241007-en

Behavioral task: behavioral3
Sample: cstealer.pyc
Resource: win10ltsc2021-20241023-en

Behavioral task: behavioral4
Sample: cstealer.pyc
Resource: win11-20241007-en
Malware Config

Targets

Target: Yenn Cool.exe
Size: 13.7MB
MD5: d89381619305364692ac8909829bb530
SHA1: ff72c031096443048764a2bebdc482efeb605de1
SHA256: 7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591
SHA512: f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3
SSDEEP: 393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So
Score: 7/10
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: cstealer.pyc
Size: 75KB
MD5: 9ce7e95ef2d91a18cff76642c2f1e84b
SHA1: f717c6aa54cd4a310bfd7db3b4d19481f55b76cc
SHA256: 08a525b8b94ebef21453061daf911cd41eca47c0a11f871d2bf9b64094159cc2
SHA512: 52d62fbc6eb0de149e6f30da540d581a45dd4cf251aa3a86f4f8a9059f914955a832dcab6f8c69c7a9e06b31326e2651f02c2c3556a12c02bf6195704ec68600
SSDEEP: 1536:NH8WOzxPVpuOsJlm4I2Is8kRaO+ZWguXvDcDRhew:NH8JF72Is89egmvDcDRZ
Score: 3/10