General
Target: AimWareV2 - Byfron Bypass.exe
Size: 6.0MB
Sample: 240703-mhbjjasbrk
MD5: 1695e5af7dce669783d2c8172831df4b
SHA1: 7e85197b042369a9a7896b4b118ac825e5b87970
SHA256: 4921b5dca4c985c2b55308d480c5aae667b9f995fb4b75a6a3539e22f8106c6d
SHA512: af03f88a3377e82931a4c76fe65cefae383dab984e7799830d86cf57ecae4be84f141e7abb7cb31a85a4ae635c8bd4288705c6d0d243782709c8e02b44568076
SSDEEP: 98304:VRFEtdFBCzamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RgOuAKRFpHyG:V6FI2eN/FJMIDJf0gsAGK4RruAKRXSG
Behavioral task
behavioral1
Sample: AimWareV2 - Byfron Bypass.exe
Resource: win10-20240404-en

Malware Config
Targets
Target: AimWareV2 - Byfron Bypass.exe
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.