General

Target: Staffbesting_Private.exe
Size: 16.8MB
Sample: 241215-1mp5daznak
MD5: 454b279d44ee6560e8e2617c86e80c6f
SHA1: 092c438dd4f49b090013002086a5a0215a38bc5c
SHA256: 84dc07f9e850b5c47ebee63d4262ea9b7fa82a49b01132581b923d19858dc9e8
SHA512: 28f2da6ea64f4e6bfee822fbb49e098797cf63361eea56f9357a727f3fa8b07c8f095b59256a688a1f429884ee7366072e5d268cbe2b5ef44cd7fb49ffa5367d
SSDEEP: 393216:Tu7L/cxy/m3pqaUX47d4zjO8v/uOMzZlV:TCL0EKqaUI7d4zjO0elV

Behavioral task: behavioral1
Sample: Staffbesting_Private.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: Staffbesting_Private.exe
Resource: win10v2004-20241007-en

Malware Config
Targets
Target: Staffbesting_Private.exe
Score: 7/10

Drops startup file

Loads dropped DLL

Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Enumerates processes with tasklist