General
Target: klux [BETA].exe
Size: 9.0MB
Sample: 240630-yweznaxdnj
MD5: e2b784eadf51d9952cefc49fba3bb235
SHA1: 19559ff7cf732619d021743d53171114ea10db1d
SHA256: bcd1cb815a9960f88dd5571fdf28126f05bef4c5a8dc26ddac4a2f39556968e7
SHA512: 7b2f7f8238416800de4a2d96254eaf26f91315bf83728aa54b3e71a53a1d5dfdd4b4ce56cacd2ed498914d18e153c436f7e9b89d3bed1b09a277046a3e6c7578
SSDEEP: 196608:ktu78K/1+jnXdQmRJ8dA6l7aycBIGpEGo6hTOv+QKeSE06j2Aj+:yu7L/8dQusl29foWOv+9rz02A
Behavioral task: behavioral1
Sample: klux [BETA].exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: klux [BETA].exe
Resource: win10v2004-20240611-en
Behavioral task: behavioral3
Sample: cstealer.pyc
Resource: win7-20240221-en
Behavioral task: behavioral4
Sample: cstealer.pyc
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: klux [BETA].exe
Drops startup file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target: cstealer.pyc
Size: 39KB
MD5: bbb61d55d0cbadd6b90e90b8660c7ba5
SHA1: 9ad527366f65f5764b3e730ecaebebbf787d0716
SHA256: edd29cdb80faedc9f730c70d4c3380a21fa5492281734405db7cb8c140044956
SHA512: 9e558b29aa850b560c5713fb3dfe32657f3dab11544013f8f38701c5e5525dcd3ae589a99c71446dd54bd8767d9d6c266dcf14c679c435ecb221dd94b8f6290b
SSDEEP: 768:fuFYat61k17WnMAF+5JsylM3jp7UBHcxoZUM4PqVfqrY9Wygqxie1HrKl4HYi7ey:epQkW+JsyC3FpOUM6qVirY9WygWiCu1S
Score: 3/10