Resubmissions
Date              Sample               Score
05-07-2024 10:41  240705-mrjlhawhpp    4
05-07-2024 10:30  240705-mj4lpsyhlc    4
05-07-2024 10:17  240705-mble6awfnq    1
02-07-2024 14:21  240702-rpd1fswfjg    10
02-07-2024 14:17  240702-rly68awejc    1
30-06-2024 11:06  240630-m7vzgawhlb    5
30-06-2024 11:02  240630-m45phazdqr    1
30-06-2024 10:28  240630-mhyn3aweng    8
30-06-2024 10:28  240630-mhvx6szbqm    1
30-06-2024 09:41  240630-lpaedawbne    1

General

Target
https://github.com

Sample
240702-rpd1fswfjg
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com
Resource
win10-20240404-en
33 signatures
1800 seconds
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://github.com/not-seil/fudzi.app/raw/main/donotwatch.exe
Targets
Target
https://github.com
Score
10/10

- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger