The following details were obtained from initial static analysis:
- File signature: PE file, Microsoft Visual C# v7.0 / Basic .NET
- CPU: 32-bit
- Subsystem: GUI
- Compiler stamp: 0xD125E3BC (Tue Mar 11 05:21:16 2081)
- Debugger stamp: 0xFA9C9B7D (Wed Mar 28 16:23:41 2103)
- File size: 7168 bytes
- Hashes:
  md5: 7310AFA4BDF18FD1F7ECDDACF31A2F37
  sha1: 1D3DCD1E299987D222D06E3B73F220628C57BA28
  sha256: 746A7A64EC824C63F980ED2194EB7D4E6FEFFC2DD6B0055AC403FAC57C26F783
- Filename/path: MyApplication.app
  file: C:\Users\carbo\Documents\MEGAsync\Source\Bitcoin-Grabber\Bitcoin-Grabber\obj\x86\Release\wssvchost.pdb
The malware is an unpacked PE file that was recently discovered in the wild; its first sighting is recorded as 03 January 2022. It is important to note that both the compiler and debugger timestamps are years in the future, i.e. they refer to dates that have not yet occurred.
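The timestamp check above can be automated. The following is an added example (not the author's tooling): it reads the COFF TimeDateStamp from a constructed minimal PE header carrying the compiler stamp quoted above, decodes both stamps to UTC, and flags any stamp later than the first in-the-wild sighting.

```python
"""Triage check for PE build timestamps: decode the COFF TimeDateStamp and
flag stamps that post-date the first in-the-wild sighting (03 Jan 2022)."""
import struct
from datetime import datetime, timezone

FIRST_SEEN = datetime(2022, 1, 3, tzinfo=timezone.utc)
COMPILER_STAMP = 0xD125E3BC   # compiler stamp quoted in the analysis
DEBUGGER_STAMP = 0xFA9C9B7D   # debug-directory stamp quoted in the analysis

def build_stub(timestamp: int) -> bytes:
    """Constructed test input, not the real sample: a DOS header whose
    e_lfanew points at a PE signature followed by a 20-byte COFF header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 3 sections, TimeDateStamp, symtab ptr/count,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE|32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", 0x014C, 3, timestamp, 0, 0, 0xE0, 0x0102)
    return dos + b"PE\0\0" + coff

def coff_timestamp(pe: bytes) -> int:
    """Return the COFF TimeDateStamp, which sits 8 bytes past 'PE\\0\\0'."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (stamp,) = struct.unpack_from("<I", pe, e_lfanew + 8)
    return stamp

def stamp_to_utc(stamp: int) -> datetime:
    """PE stamps are seconds since the Unix epoch (PE Studio shows local time)."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def timestamp_anomaly(stamp: int, first_seen: datetime) -> dict:
    """0 is a common placeholder, and some reproducible-build toolchains
    store a hash rather than a time, so 'future' is a lead, not proof."""
    if stamp == 0:
        return {"stamp": stamp, "utc": None, "verdict": "placeholder"}
    when = stamp_to_utc(stamp)
    verdict = "future" if when > first_seen else "plausible"
    return {"stamp": stamp, "utc": when, "verdict": verdict}

if __name__ == "__main__":
    pe = build_stub(COMPILER_STAMP)
    for name, s in (("compiler", coff_timestamp(pe)), ("debugger", DEBUGGER_STAMP)):
        r = timestamp_anomaly(s, FIRST_SEEN)
        print(f"{name}: 0x{s:08X} -> {r['utc']} [{r['verdict']}]")
```

The decoded UTC values (12:21:16 and 23:23:41) differ from the listed times by seven hours, consistent with PE Studio rendering them in the analyst's local timezone.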
Embedded strings.
PE Studio identified 140 strings; the following have been highlighted:
- The following have been identified as crypto addresses linked with malware campaigns in the wild:
ETH: 0x4dd10a91e43bc7761e56da692471cd38c4aaa426
BTC: 175A7JNERg82zY3xwGEEMq8EyCnKn797Z4
LTC: LQFiuJQCfRqcR9TjqYmi1ne7aANpyKdQpX
TRON: TPRNNuj6gpBQt4PLsNv7ZVeYHyRJGgJA61…