General
Target: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
Size: 684KB
Sample: 210406-x7zlhjzs7j
MD5: b53c91938416807d1ee5a408c5b2a636
SHA1: 2bd54114bccd24abf158ee1b5ae1e77a238f4bc1
SHA256: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
SHA512: 855ffa525e36e9406d8c4ee9c148effe994c1e513ea498757ef91918d93c2c9a33ffdce457b31754c8cf65577caa012320ccd450bdc82cac6963b0dbed110dac
Static task: static1
Behavioral task: behavioral1
Sample: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7.exe
Resource: win10v20201028
Malware Config
Extracted
Family: oski
C2: http://45.85.90.220
Targets
Target: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
Size: 684KB
MD5: b53c91938416807d1ee5a408c5b2a636
SHA1: 2bd54114bccd24abf158ee1b5ae1e77a238f4bc1
SHA256: 791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
SHA512: 855ffa525e36e9406d8c4ee9c148effe994c1e513ea498757ef91918d93c2c9a33ffdce457b31754c8cf65577caa012320ccd450bdc82cac6963b0dbed110dac
Score: 10/10
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process, after that process was created suspended and written to, is the process-hollowing pattern; a process setting the context of its own threads (debuggers, exception handling) is benign, so judge the call together with the CreateProcess and WriteProcessMemory calls that precede it.
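As an added triage example, not part of the sandbox report and not the sandbox's own signature code: the Python below turns the behaviours listed above (Uninstall-key enumeration, wallet file access, suspicious SetThreadContext, contact with the extracted C2) into detection rules and runs them over a constructed API trace. The trace format, its field names, the wallet directory list and the process IDs are assumptions; the C2 address is the one extracted from the sample.

```python
import re

# Constructed sandbox-style API trace (hypothetical format, not from the report):
# (pid, api, args). Arguments are strings, the way a trace would log them.
TRACE = [
    (1200, "RegOpenKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    (1200, "RegEnumKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": "0"}),
    (1200, "RegEnumKeyExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": "1"}),
    (1200, "NtCreateFile", {"path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"}),
    (1200, "NtCreateFile", {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}),
    (1200, "NtCreateFile", {"path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini"}),
    (1200, "InternetConnectA", {"host": "45.85.90.220", "port": "80"}),
    (1200, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe", "flags": "0x4", "new_pid": "1344"}),
    (1200, "WriteProcessMemory", {"target_pid": "1344", "size": "0x5c000"}),
    (1200, "SetThreadContext", {"target_pid": "1344"}),
    (1200, "ResumeThread", {"target_pid": "1344"}),
    (1200, "SetThreadContext", {"target_pid": "1200"}),  # own process: benign, must not fire
]

UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet locations are an assumed, illustrative list, not the sandbox's rule set.
WALLET_RE = re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin|Litecoin|Monero|Jaxx|Atomic)\\|wallet\.dat$", re.I)
FILE_OPEN_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW", "CreateFileA"}
CREATE_SUSPENDED = 0x4


def find_uninstall_enumeration(trace):
    """Pids that opened an Uninstall key and then enumerated its subkeys."""
    opened, enumerated = set(), set()
    for pid, api, args in trace:
        if not UNINSTALL_RE.search(args.get("key", "")):
            continue
        if api.startswith("RegOpenKeyEx"):
            opened.add(pid)
        elif api.startswith("RegEnumKeyEx") and pid in opened:
            enumerated.add(pid)
    return sorted(enumerated)


def find_wallet_access(trace):
    """(pid, path) for every file open under a known wallet location."""
    return [(pid, args["path"]) for pid, api, args in trace
            if api in FILE_OPEN_APIS and WALLET_RE.search(args.get("path", ""))]


def find_hollowing(trace):
    """(caller pid, target pid) where the caller created the target with
    CREATE_SUSPENDED, wrote into it, and then called SetThreadContext on it:
    the process-hollowing chain. SetThreadContext on any other target is ignored."""
    suspended = {}   # target pid -> creator pid
    written = set()
    hits = []
    for pid, api, args in trace:
        if api.startswith("CreateProcess") and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(args["new_pid"])] = pid
        elif api == "WriteProcessMemory":
            written.add(int(args["target_pid"]))
        elif api == "SetThreadContext":
            target = int(args["target_pid"])
            if suspended.get(target) == pid and target in written:
                hits.append((pid, target))
    return hits


def find_c2_contact(trace, c2_hosts):
    """Pids that opened a connection to one of the extracted C2 hosts."""
    c2 = {h.lower() for h in c2_hosts}
    return sorted({pid for pid, api, args in trace
                   if api.startswith(("InternetConnect", "WinHttpConnect", "connect"))
                   and args.get("host", "").lower() in c2})


def triage(trace, c2_hosts=("45.85.90.220",)):
    """Map each report signature to the evidence found for it in the trace."""
    return {
        "Checks installed software on the system": find_uninstall_enumeration(trace),
        "Accesses cryptocurrency files/wallets": find_wallet_access(trace),
        "Suspicious use of SetThreadContext": find_hollowing(trace),
        "Contacts extracted C2": find_c2_contact(trace, c2_hosts),
    }


if __name__ == "__main__":
    for signature, evidence in triage(TRACE).items():
        print(f"{signature}: {evidence}")
```

The hollowing rule deliberately requires the full create-suspended, write, SetThreadContext chain from the same caller; a bare SetThreadContext hit (as the last, self-targeted event in the trace shows) is not enough on its own.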