General
Target: AWB-9899691012.exe
Size: 708KB
Sample: 210401-jm1hm1kanx
MD5: ec57669d9ea9b2ce78acd0962dd37761
SHA1: 175f43377e8df78601a8c93a6885025647b95e56
SHA256: 9dbdfcb4749e6e441ca65cf71d75944cf90111832d10b8048b70cfe084b6e675
SHA512: 20a34130753d3bf5249727f80cf2d6f34cc771837b89796fed700e04b76928a98bf81a5433696d6b4e4c29dea9848586fab1b9de7b5eaed214ef67d06ea42d38
Static task: static1
Behavioral task: behavioral1
  Sample: AWB-9899691012.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: AWB-9899691012.exe
  Resource: win10v20201028
Malware Config
Extracted: oski
  http://45.85.90.220
Targets
Target: AWB-9899691012.exe
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext