General
Target: MT103_Swift-confirmation#4425-28373XXX.exe
Size: 795KB
Sample: 210412-g5l3lkfx36
MD5: bb4489ef3af30a3f1ac77bca896285b3
SHA1: e447d424cccd2e632233f86d4b20c0718cc45fcd
SHA256: b2a66114f2afb03bd4087e7fc37d6c89ff7f3d3bd48d751dc9334a5a746f7c37
SHA512: a91a49b9ed5c393288844434aeac3a58b217379d0116adb2a0492f090908545f11d1e2985792751c8c6d10b87a66d7d9b47954ce6aeef2080c355b68c9d0bb32
Static task: static1
Behavioral task: behavioral1
  Sample: MT103_Swift-confirmation#4425-28373XXX.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: MT103_Swift-confirmation#4425-28373XXX.exe
  Resource: win10v20201028
Malware Config
Extracted: oski
45.85.90.86
Targets
Target: MT103_Swift-confirmation#4425-28373XXX.exe
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext