General
-
Target
r3mv4g.bin
-
Size
8.4MB
-
Sample
250119-y4x57svlej
-
MD5
f0dd20d35e12f983a3825f02f94ceb97
-
SHA1
52540040164da66f8c49402b838e162d230310db
-
SHA256
d535219699109a75d08b623a2883f6460750b8c93f752e04873b781f0693a9cb
-
SHA512
69f9a63b9522d348e7b4b04263d674b06a1f680bf77c711858667b4c71133ac17574036809103226418aa4e02dbf227a34589d0807b548bf2f9534509dc142bf
-
SSDEEP
196608:s4ULjv+bhqNVoBLD7fEXEoYbiIv9VSE6vvk9fIiZ1d:50L+9qz8LD7fEUbiI6aQgz
Behavioral task
behavioral1
Sample
r3mv4g.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
r3mv4g.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
% ��<.pyc
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
% ��<.pyc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
r3mv4g.bin
-
Size
8.4MB
-
MD5
f0dd20d35e12f983a3825f02f94ceb97
-
SHA1
52540040164da66f8c49402b838e162d230310db
-
SHA256
d535219699109a75d08b623a2883f6460750b8c93f752e04873b781f0693a9cb
-
SHA512
69f9a63b9522d348e7b4b04263d674b06a1f680bf77c711858667b4c71133ac17574036809103226418aa4e02dbf227a34589d0807b548bf2f9534509dc142bf
-
SSDEEP
196608:s4ULjv+bhqNVoBLD7fEXEoYbiIv9VSE6vvk9fIiZ1d:50L+9qz8LD7fEUbiI6aQgz
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
% ��<.pyc
-
Size
1KB
-
MD5
3b769bc3912b606e1b3d8b2037e41bcd
-
SHA1
4f3af8f1b1d5a23e89b46c86a1e135c92d379f9d
-
SHA256
864842c3fa3984989a1d29124681c52589d9fe31c28c2dc5804bcdcf9f0bdca1
-
SHA512
19315caeef0beb031a14f17c0f2841ee661d25d94035dce3e33fd2e9d33d652509dfa4408c17d9f157d208181095621f09901e8880ed8eb2070a6b7550e3b35e
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3