General

Target: Mfipdre.exe
Size: 304KB
Sample: 210414-xgl8mwp7g6
MD5: 3061e2d44678262f26d3f68a419bea3a
SHA1: 546ad4d518a1ed317dee8bc1331249a10debebcc
SHA256: db23d6f5e2123cde47f4e3178bf18063aa3270d13499991200c9074a837eff07
SHA512: b397ba5f1e08e247ab3c3ca27877d6e8add173eea292621a38e45ad67bd01083676bce9a4752a4389db23c2bccefcbee356a0a7806d9aa2b3ede1e26b9cbc731
Static task: static1
Behavioral task: behavioral1
Sample: Mfipdre.exe
Resource: win10v20210410
Malware Config

Extracted
Family: oski
Domain: novget.com
Targets

Mfipdre.exe (304KB); MD5, SHA1, SHA256 and SHA512 as listed under General above.
Score: 10/10

Signatures:
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the CurrentVersion\Uninstall key) to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is a common step in process injection (for example process hollowing), which is why the sandbox flags it.
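The three behavioural signatures above can be re-derived from an API-call trace, which is useful when you want to confirm them on your own instrumentation rather than trust the sandbox's verdict. The script below is an added example, not the sandbox's own signature logic: it walks a constructed trace (none of these events come from the report) and flags Uninstall-key enumeration, wallet-path file access, SetThreadContext against a remote process, and the full suspended-create/write/set-context/resume chain. The trace tuple layout and the `pid=` argument syntax are assumptions.

```python
"""Flag the report's behaviours in a (constructed) API-call trace.

Added example, not the sandbox's own rules. TRACE is constructed for
illustration; the (pid, api, argument) layout and "pid=N" syntax are assumed.
"""
import re

# Constructed trace of one process (pid 1204). Wallet paths are illustrative.
TRACE = [
    (1204, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1204, "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1204, "CreateFileW", r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"),
    (1204, "CreateFileW", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    (1204, "CreateProcessW", r"C:\Windows\System32\svchost.exe flags=CREATE_SUSPENDED pid=3380"),
    (1204, "WriteProcessMemory", "pid=3380"),
    (1204, "SetThreadContext", "pid=3380"),
    (1204, "ResumeThread", "pid=3380"),
    (1204, "SetThreadContext", "pid=1204"),  # own process: not flagged
]

# HKLM\...\CurrentVersion\Uninstall (and the Wow6432Node / HKCU variants) all
# end in the same suffix, so match on that rather than on the full hive path.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Assumed wallet locations; extend to whatever your own telemetry cares about.
WALLET_PATHS = re.compile(
    r"(\\Electrum\\wallets\\|\\Exodus\\|\\Ethereum\\keystore\\|\\Bitcoin\\wallet\.dat$)",
    re.I)
PID_ARG = re.compile(r"\bpid=(\d+)")


def _target_pid(arg: str):
    m = PID_ARG.search(arg)
    return int(m.group(1)) if m else None


def detect(trace) -> dict:
    """Return {signature: evidence} for every signature with at least one hit.

    Evidence is a list of trace indices, except for the hollowing chain, which
    lists (caller_pid, target_pid) pairs once the full sequence completes.
    """
    hits = {
        "checks_installed_software": [],
        "accesses_wallets": [],
        "setthreadcontext_remote": [],
        "process_hollowing_sequence": [],
    }
    chain = {}  # (caller_pid, target_pid) -> steps seen since CREATE_SUSPENDED
    for i, (pid, api, arg) in enumerate(trace):
        if api.startswith(("RegOpenKeyEx", "RegEnumKeyEx")):
            if UNINSTALL_KEY.search(arg):
                hits["checks_installed_software"].append(i)
        elif api == "CreateFileW" and WALLET_PATHS.search(arg):
            hits["accesses_wallets"].append(i)
        elif api == "CreateProcessW" and "CREATE_SUSPENDED" in arg:
            target = _target_pid(arg)
            if target is not None:
                chain[(pid, target)] = {"suspended"}
        elif api in ("WriteProcessMemory", "SetThreadContext", "ResumeThread"):
            target = _target_pid(arg)
            if target is None or target == pid:
                continue  # no target, or the process touching its own threads
            if api == "SetThreadContext":
                hits["setthreadcontext_remote"].append(i)
            steps = chain.setdefault((pid, target), set())
            steps.add(api)
            # ResumeThread closes the chain; it must follow the other three.
            if api == "ResumeThread" and {"suspended", "WriteProcessMemory",
                                          "SetThreadContext"} <= steps:
                hits["process_hollowing_sequence"].append((pid, target))
                chain.pop((pid, target))
    return {name: ev for name, ev in hits.items() if ev}


if __name__ == "__main__":
    for name, evidence in detect(TRACE).items():
        print(f"{name}: {evidence}")
```

A lone remote SetThreadContext is worth a medium-confidence alert on its own (debuggers and some legitimate tooling also do it); the suspended-create, write, set-context, resume chain from the same caller against the same child is the pattern that deserves the high score.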