General
Target: BillOfLading.exe
Size: 260KB
Sample: 210331-szjcmflb1n
MD5: a27e08ddf60d5403c02a482a8c3885ac
SHA1: 8d98313ff780d8d8c2d779ce5022cc03d72f606b
SHA256: c0ff93ef4930a7dc2d95a6ee490fecdddcbe946e479b1d4fdb47285245b28675
SHA512: d1d30f1599bfc58a26d25eb641ccc152924fb0cbce253c7c599b5183d3dcf7fb31d80fa75277221895e7526bdbe4ec7c080267340a0649001e6bd28614f31f36
Static task: static1
Behavioral task: behavioral1 (sample BillOfLading.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample BillOfLading.exe, resource win10v20201028)
Malware Config
Extracted: oski
http://45.85.90.220
Targets
Target: BillOfLading.exe (260KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext