General

Target: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58
Size: 6.8MB
Sample: 240704-b9ngmazdrg
MD5: 70d39508b4784708006b0adaf50107f6
SHA1: 252a28a5d464da4784f1fde14b9a87db601981cf
SHA256: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58
SHA512: 7145748a620d17cd019284f93a6fd8d309902c7d3d61d997e4c5831e9795308228462035df1c6c9d6ceec2656ffac291c81658f708cdaf5c065ab53762af1766
SSDEEP: 196608:68V1cF3B6ylnlPzf+JiJCsmFMvcn6hVvn:aBRlnlPSa7mmvc+P

Behavioral task: behavioral1
Sample: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58.exe
Resource: win10v2004-20240508-en

Malware Config

Targets

Target: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58
Size: 6.8MB
MD5: 70d39508b4784708006b0adaf50107f6
SHA1: 252a28a5d464da4784f1fde14b9a87db601981cf
SHA256: a4c671e044dc8b9fa3237fa1af2bfa5907676bb93cfc76507014070d45ac4b58
SHA512: 7145748a620d17cd019284f93a6fd8d309902c7d3d61d997e4c5831e9795308228462035df1c6c9d6ceec2656ffac291c81658f708cdaf5c065ab53762af1766
SSDEEP: 196608:68V1cF3B6ylnlPzf+JiJCsmFMvcn6hVvn:aBRlnlPSa7mmvc+P

Signatures

- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.