General
Target: 0fiasS.dll
Size: 459KB
Sample: 210113-qvgj4shqfn
MD5: 7dafd3cf24542dfb021e4ee6f9af03c4
SHA1: 2d9445e1483503b2ca1a9451b37cb7144e711498
SHA256: 6ebc86e6f913ec435d6b7eeda2e0fbedf0fa6cc238af54b18da5c9588df399a3
SHA512: d4d9af7ba43840bfc686dcf0f354253dfad5e97efa2b5b87e5d5c1039250f29580db312fbdbd9f2c21751e9f56476a9039ddfb555a1c29dc968b53f58753fde0
Static task: static1
Behavioral task: behavioral1
Sample: 0fiasS.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0fiasS.dll
Resource: win10v20201028
Malware Config
Targets
Target: 0fiasS.dll
Score: 10/10
- Blocklisted process makes network request
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext