General

  • Target

    Flash USDT Sender binance v.1.exe

  • Size

    701KB

  • Sample

    250323-vnm4hsxyev

  • MD5

    d57ac3c31d7069ee6a76c3572f5c234a

  • SHA1

    e6f3b23343a9b716c7529d282a2322c1f528b576

  • SHA256

    e73c96538ec60c2117b6ed82b7f95f8894abed022ee9ab03c1be90ebd9722f06

  • SHA512

    cb4334c76c427305b9b83f2d110e75827c4a83d296679aa04876ccbfd35c7787014a914b722348c076f5d2a3f306f98fdced54ad967953af4ad25d3f3c9eb529

  • SSDEEP

    12288:YwEWeJxd5eyh4R0a6mQlRkORS2DNIWWo0dK+/rYtlsfhZDFyJ/b9A64YVNSANzNc:YBfneyh4R0NPRFXBJWo0dK+/sjkhZZyM

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot7170788789:AAFDgtgiOhG8owpmypRYbNLRYrxlniuiyIs/sendMessage?chat_id=6101540297

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Extracted

Family

xworm

C2

SLL.casacam.net:4444

Attributes
  • Install_directory

    %LocalAppData%

  • install_file

    Interrupi.exe

Targets

    • Target

      USDT Flasher.exe

    • Size

      775KB

    • MD5

      8584a85ec4f91388e65c963c2b458f33

    • SHA1

      023812da246e015601307c357cd4c685df28977c

    • SHA256

      a4c72195c7e45148d8c98c6a58c9c71dc480d496c2daad053b4bfab581225f62

    • SHA512

      b72bb8d9b842c145c5f3b0a2dfb9eac21e297c871388150386e5f74f4946e8a616e597a3d7a63eff8919789c9527f2f4e4861b4f76ff3713c80c292e9105e9f6

    • SSDEEP

      24576:2yGWSbe8meoiy7XlHEVVLaGWSbezGWSbey4RSbe:5X1EVVL

    Score
    3/10
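The indicators above, run as a small detection pass over host and network events (added example, not part of the sandbox report and not code from either malware family): the sample hashes, the AsyncRAT mutex, the XWorm C2 socket, the Telegram bot endpoint and the XWorm drop location are copied from the report; the event dicts, their field names and the sample events are assumed and constructed, roughly Sysmon-shaped. One caveat the report does not spell out: the three loopback C2 entries, the mutex, delay 3, install false and %AppData% are the unmodified AsyncRAT defaults, so the example reports the loopback sockets as informational and the mutex at medium confidence, while SLL.casacam.net:4444 and the Telegram sendMessage URL are treated as the live network indicators. The Telegram match ignores the query string, so a different chat_id or message text still hits, and, going one step beyond the report, any other bot's sendMessage call is flagged at lower confidence.

```python
import ntpath
from urllib.parse import urlsplit

# --- indicators copied from the report above -----------------------------
SHA256S = {
    "e73c96538ec60c2117b6ed82b7f95f8894abed022ee9ab03c1be90ebd9722f06",  # Flash USDT Sender binance v.1.exe
    "a4c72195c7e45148d8c98c6a58c9c71dc480d496c2daad053b4bfab581225f62",  # USDT Flasher.exe
}
MUTEXES = {"AsyncMutex_6SI8OkPnk"}          # asyncrat config (stock default value)
XWORM_C2 = {("sll.casacam.net", 4444)}      # xworm config, host lower-cased
# The loopback triple is the stock AsyncRAT default, i.e. the operator never
# changed it, so it is reported as informational rather than as live C2.
ASYNCRAT_DEFAULT_C2 = {("127.0.0.1", 6606), ("127.0.0.1", 7707), ("127.0.0.1", 8808)}
TELEGRAM_BOT_PATH = "/bot7170788789:AAFDgtgiOhG8owpmypRYbNLRYrxlniuiyIs/sendMessage"
XWORM_DROP = ("appdata\\local", "interrupi.exe")   # %LocalAppData%\Interrupi.exe


def match_event(ev):
    """Return (severity, reason) for one event dict, or None.

    Event shapes are assumed for this example (roughly Sysmon-like), not the
    sandbox's own format:
      {"type": "hash", "sha256": ...}
      {"type": "mutex", "name": ...}
      {"type": "net", "dst": ..., "port": ...}
      {"type": "http", "url": ...}
      {"type": "file_create", "path": ...}
    """
    t = ev.get("type")
    if t == "hash" and ev.get("sha256", "").lower() in SHA256S:
        return ("high", "known sample hash")
    if t == "mutex" and ev.get("name") in MUTEXES:
        return ("medium", "AsyncRAT mutex (default value, shared by other builds)")
    if t == "net":
        sock = (str(ev.get("dst", "")).lower(), int(ev.get("port", 0)))
        if sock in XWORM_C2:
            return ("high", "XWorm C2 %s:%d" % sock)
        if sock in ASYNCRAT_DEFAULT_C2:
            return ("info", "AsyncRAT default loopback C2 %s:%d" % sock)
    if t == "http":
        u = urlsplit(ev.get("url", ""))
        if u.hostname == "api.telegram.org":
            # Path match only: chat_id / text in the query may vary per beacon.
            if u.path == TELEGRAM_BOT_PATH:
                return ("high", "exfil to the Telegram bot from the config")
            if u.path.startswith("/bot") and u.path.endswith("/sendMessage"):
                return ("medium", "sendMessage via an unknown Telegram bot")
    if t == "file_create":
        parent, name = ntpath.split(ev.get("path", ""))
        if name.lower() == XWORM_DROP[1] and parent.lower().endswith(XWORM_DROP[0]):
            return ("high", "XWorm install file written under %LocalAppData%")
    return None


def scan(events):
    """Run every event through match_event and keep the hits, in input order."""
    hits = []
    for ev in events:
        m = match_event(ev)
        if m:
            hits.append(m)
    return hits


# Constructed sample events (not from the sandbox run): one true positive per
# indicator class plus two benign look-alikes.
SAMPLE_EVENTS = [
    {"type": "hash", "sha256": "A4C72195C7E45148D8C98C6A58C9C71DC480D496C2DAAD053B4BFAB581225F62"},
    {"type": "file_create", "path": r"C:\Users\bob\AppData\Local\Interrupi.exe"},
    {"type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"type": "net", "dst": "127.0.0.1", "port": 6606},
    {"type": "net", "dst": "SLL.casacam.net", "port": 4444},
    {"type": "http", "url": "https://api.telegram.org/bot7170788789:AAFDgtgiOhG8owpmypRYbNLRYrxlniuiyIs/sendMessage?chat_id=6101540297&text=pw"},
    {"type": "http", "url": "https://api.telegram.org/bot1:abc/sendMessage?chat_id=1"},
    {"type": "net", "dst": "10.0.0.5", "port": 443},                       # benign
    {"type": "file_create", "path": r"C:\Program Files\Interrupi.exe"},   # wrong directory
]

if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_EVENTS):
        print(severity, reason)
```

The two benign look-alikes show why the path and directory are checked together rather than the file name alone, and why the loopback defaults get their own severity: an analyst triaging this report should pivot on the XWorm socket and the Telegram bot token, not on infrastructure that every unconfigured AsyncRAT build carries.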

MITRE ATT&CK Enterprise v15

Tasks