General

The "General" entry describes the submitted archive; the extracted executable that the sandbox actually ran is listed separately under Targets, with its own hashes.

Target: 43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.zip
Size: 14.1MB
Sample: 241123-2f7xaaznas
MD5: 6d834cbd1890852162f7aee19f772a6f
SHA1: 18478a2e2ff78b85e171c586a707da3afe353c35
SHA256: 493f34b6765249c2e1c895a67c4c710ef04eed6481766a701dff9aa47a1b5026
SHA512: d7e64cbfcad0d1d581d51f34e639e071e37b691263dedf5a74f4b36f138313245f7b614c9f8c4def36cdd61fdb2ab3908080be2d1aa72ee482ac50924a2e7a3c
SSDEEP: 393216:IxtN7LULp/bcHid3IxVswMJT1E0RJM6DW94yJ2zkNcd:IxTnULpV/eiTfyJQkNcd
Behavioral tasks

behavioral1: sample 43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe, resource win7-20240903-en
behavioral2: sample 43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe, resource win10v2004-20241007-en
Malware Config

Targets

Target: 43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe
Size: 14.3MB
MD5: 111f77941b7654e8c728a77b49b11969
SHA1: 6f7dc6e8ed6fca87966226be1b05ec5aaa1639cb
SHA256: 43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357
SHA512: 3f78050f7687e64152313ac130e406e8b886e3510d066b66db15cbc6bacb458a7e77410150f625030149c22ebd237c7c40847b13b67c3b19ff45998352d70998
SSDEEP: 196608:Iw0sKYu/PaQ+DuvfcdQmRJ8dA6lSuqaycBIGpEqo6hTOv+QKfwJDEENxgTkSGlyP:1QQdQuslSq9RoWOv+9fgDfMIyvBF
Score: 7/10

Signatures
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001). Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Read the score in light of which signatures fired: the external IP lookup and the use of a legitimate hosting service are weak on their own, since plenty of benign software does both. The startup-folder persistence, the load of a DLL the sample itself dropped, and the access to wallet and credential files are the behaviours that justify treating this as a credential stealer rather than an unknown packed installer.
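The signatures above are the sandbox's behavioural summary. The following Python, added here by the editor and not part of the sandbox report or its rule set, shows how a detection engineer would express five of those behaviours as rules over endpoint telemetry (process creation, file create/read, image load and DNS events), including the stateful check that "Loads dropped DLL" needs: the process must load a module it wrote earlier. The event records, process and file names, and the IP-lookup and wallet-path indicator lists are constructed assumptions for illustration, not observations from this sample.

```python
"""Map sandbox signature names onto endpoint telemetry.

Added example, not the sandbox's own code. All events and indicator values
below are constructed; nothing here is taken from the analysed sample.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Generic starting-point indicators (assumed, not from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "ifconfig.me",
    "icanhazip.com", "checkip.amazonaws.com",
}
WALLET_PATHS = re.compile(
    r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore|Bitcoin\\wallet\.dat)",
    re.IGNORECASE,
)
STARTUP_DIR = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Event:
    kind: str    # "process", "file_create", "file_read", "image_load", "dns"
    pid: int
    ppid: int
    image: str   # image path of the process performing the action
    detail: str  # command line, file path, loaded module path, or queried host


def evaluate(events):
    """Return {pid: sorted signature names} for processes showing the
    behaviours named in the report. Events must be in chronological order so
    that a dropped file is seen before the load that references it."""
    created = defaultdict(set)   # pid -> lower-cased paths it wrote
    hits = defaultdict(set)
    for ev in events:
        if ev.kind == "file_create":
            created[ev.pid].add(ev.detail.lower())
            if STARTUP_DIR.search(ev.detail):
                hits[ev.pid].add("Drops startup file")
        elif ev.kind == "image_load":
            # Only a module this same process wrote earlier counts as "dropped".
            if ev.detail.lower() in created[ev.pid]:
                hits[ev.pid].add("Loads dropped DLL")
        elif ev.kind == "process":
            # tasklist.exe is the child; the enumeration is credited to the parent.
            if ev.image.lower().endswith("\\tasklist.exe"):
                hits[ev.ppid].add("Enumerates processes with tasklist")
        elif ev.kind == "dns":
            if ev.detail.lower() in IP_LOOKUP_HOSTS:
                hits[ev.pid].add("Looks up external IP address via web service")
        if ev.kind in ("file_create", "file_read") and WALLET_PATHS.search(ev.detail):
            hits[ev.pid].add("Accesses cryptocurrency files/wallets")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


# Constructed telemetry: a hypothetical sample.exe (pid 1000) plus benign
# explorer.exe activity (pid 2000) that must not trigger anything.
SAMPLE = r"C:\Users\analyst\Desktop\sample.exe"
EXPLORER = r"C:\Windows\explorer.exe"
DROPPED_DLL = r"C:\Users\analyst\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    Event("process", 1000, 500, SAMPLE, SAMPLE),
    Event("file_create", 1000, 500, SAMPLE, DROPPED_DLL),
    Event("image_load", 1000, 500, SAMPLE, DROPPED_DLL),
    Event("file_create", 1000, 500, SAMPLE,
          r"C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"),
    Event("process", 1010, 1000, r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    Event("dns", 1000, 500, SAMPLE, "api.ipify.org"),
    Event("file_read", 1000, 500, SAMPLE,
          r"C:\Users\analyst\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    Event("file_create", 2000, 500, EXPLORER, r"C:\Users\analyst\Documents\notes.txt"),
    Event("dns", 2000, 500, EXPLORER, "www.microsoft.com"),
]

if __name__ == "__main__":
    for pid, sigs in evaluate(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The rules deliberately attribute the tasklist hit to the parent and require that a loaded module was written by the same pid; without that state a rule fires on every DLL load from a temp directory, which is exactly the noise that makes "Loads dropped DLL" useless as a standalone alert.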