Resubmissions
30-06-2024 19:45  240630-ygkxcstdkg

General
Target: HarmWare.rar
Size: 13.5MB
Sample: 240630-ygkxcstdkg
MD5: 907516f4ad5a6b86677146fad676db9a
SHA1: 424f1e50aaf16e838699ae1b03652a03bcbe74c5
SHA256: 71e7bbd92d365ce21e8eb3117032a58b5c4d4b7c88f77619fc03e8c8231e8fd7
SHA512: 74a0caa4ba6d669e264ee965643ca8d6a03e8b5577a4ab89b35aeef66f9647429e0bdaca85c1e107386a63b6f5f34c898104b5fc75908d987e20ece24a1f0403
SSDEEP: 393216:EncG+ERUHiFwKsJge3D58stxKb+2qmCjx4OmD+kf32q6XK:g3/MAsr8ox6+kgfkvH66
Behavioral task: behavioral1
Sample: HarmWare.exe
Resource: win7-20240221-en
Malware Config

Targets

Target: HarmWare.exe
Size: 13.8MB
MD5: 22c9248245edf49a0eed0bc7ec21f4cd
SHA1: ddc6fd9acf9d4733241fd4548fc642863f7c05c6
SHA256: 94105e6a1977eb38f8062e153a83bab9cb530abf402f9f0855f0089bb7584507
SHA512: 37488bacef43748fce3be83f52ab79dc821ed4006979d9aa5b47a57582de7ea9e9afcbd4f92e06116fad0ff746b22c555b1776267a4bab4356e0795c85c16327
SSDEEP: 393216:Cu7L/SIzY3xdQuslSl9DoWOv+9MMkq/z1:CCL68EdQu9xorvSMFq/z
Signatures

- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.