General
Target: MT103_Swift-confirmation#4425-28373XXX.xz
Size: 579KB
Sample: 210412-nzzxr6dy2n
MD5: c05b73fac4010193c9b36d5ce29e20aa
SHA1: bc12202b10370963df9c93da0e1bbf4049e5ab63
SHA256: c21db11decdddf6b539dfd719ee18173b4b832985c9bf653ac77e4e9583996d5
SHA512: 9c1161a70aebd1fb77d0c7f1e43672c6c349deb4fc1f163ea0adb75d1a126d3d3a842c73723c8a10d826d6a12f375b446226eb9b53e3d503f2bf96fb58f55671
Static task: static1

Behavioral task: behavioral1
Sample: MT103_Swift-confirmation#4425-28373XXX.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: MT103_Swift-confirmation#4425-28373XXX.exe
Resource: win10v20210408
Malware Config
Extracted: oski
45.85.90.86
Targets
Target: MT103_Swift-confirmation#4425-28373XXX.exe
Size: 795KB
MD5: bb4489ef3af30a3f1ac77bca896285b3
SHA1: e447d424cccd2e632233f86d4b20c0718cc45fcd
SHA256: b2a66114f2afb03bd4087e7fc37d6c89ff7f3d3bd48d751dc9334a5a746f7c37
SHA512: a91a49b9ed5c393288844434aeac3a58b217379d0116adb2a0492f090908545f11d1e2985792751c8c6d10b87a66d7d9b47954ce6aeef2080c355b68c9d0bb32
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext