General
Target: 1063c0cb170dbaabc42c661361c90b77354f6fa84205f35a4448e178e1e415bf
Size: 841KB
Sample: 201106-kk5mv5n88a
MD5: 438173575797fb37ec475ae32e6f4898
SHA1: fac7133812c33797ea24a3ea257d989bbed5d539
SHA256: 1063c0cb170dbaabc42c661361c90b77354f6fa84205f35a4448e178e1e415bf
SHA512: 87f5748c30e9a13127cdd0d7d88dfbdebe1f99401f3fe0acc26749c91ae054db8231fad0f6724e762158f7d406f4d985da205c5fdf9e95a83690736c8270c2e9

Static task: static1

Behavioral task: behavioral1
  Sample: 1063c0cb170dbaabc42c661361c90b77354f6fa84205f35a4448e178e1e415bf.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: 1063c0cb170dbaabc42c661361c90b77354f6fa84205f35a4448e178e1e415bf.exe
  Resource: win10v20201028

Malware Config
Extracted: oski
  morasergiov.ac.ug
Targets
Target: 1063c0cb170dbaabc42c661361c90b77354f6fa84205f35a4448e178e1e415bf (same sample and hashes as listed under General)
Size: 841KB
Score: 10/10

Signatures:
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext