General
-
Target
bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
-
Size
455KB
-
Sample
201106-q8aselvkre
-
MD5
77f6eb1421150e7d442a52023db4f754
-
SHA1
65fed9203ae5e688527350b9517a8e57fc1c8b25
-
SHA256
bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
-
SHA512
385d4ab6c3d2ca058c026f315b80c9b0699337878fb547b3716a9db747224a3876da64124dadad207e776a96e3d30b5835e2dbd7124406a1db8757a95e8da3bd
Static task
static1
Behavioral task
behavioral1
Sample
bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff.exe
Resource
win10v20201028
Malware Config
Extracted
oski
45.12.215.204
Targets
-
-
Target
bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
-
Score
10/10
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-