General
Target: star spoofer1.5.exe
Size: 6.3MB
Sample: 240706-gcxxpazcqd
MD5: d227a0f9a449e64d2da8e98d10b63ba3
SHA1: 388ce0286293ea8663bef21b55a2017f586287ee
SHA256: c3ed33bf4fb47ae9f4e298bf762c2b64f4e3f9feed45005c8b3b2a2f812dd512
SHA512: e927e12cb50526c6d17ac34d17384d316c7e0908cda6d4b3dc12ddc7edcff2c1e997255a74dc998bbabc5c537f41d3515c68fc2de50bc1e29a6c2a072a3ee02d
SSDEEP: 98304:6Q9lICctL2Kx9XQsI1Ch+gD4JREOk7XQ5PXH0YXG3FfNmbT2z/wly1/ULGbKhOC+:tINJ9VIxgXX7glXHPINm2UyaLG+4AuV
Behavioral task: behavioral1
Sample: star spoofer1.5.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: star spoofer1.5.exe
Resource: win10v2004-20240704-en
Malware Config
Targets
Target: star spoofer1.5.exe (6.3MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General above)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.