General
Target: Dash exeutor.exe
Size: 6.9MB
Sample: 240702-2wlc8atgrc
MD5: a4f7d9f8df132dbb7de451d54c446c19
SHA1: 1d8dbe0b48e3ce27018e255b568a8d7f30720bc1
SHA256: 9b7b19359fef13c0741b64a8a605aa42f4f9354493047fb0f274e4fe63e84fd3
SHA512: 1e3f0e5f9c1b0acf55b79ed9d8e791d396173b20f5c474fe6c93d87f0969dc665dbbdea744929328e5c11c74c2eea877b09234bc261dcdcfae86a5073baba001
SSDEEP: 98304:cyzHqdVfB2FS27wuyuT/9vUIdD9C+z3zO917vOTh+ezDNh7ovmJ1nmOBN9n4m9JN:cKQshbT/9bvLz3S1bA3zNn97zJN
Behavioral task: behavioral1
Sample: Dash exeutor.exe
Resource: win10v2004-20240611-en
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.