General
- Target: MT103_Swift-confirmation#4425-28373XXX.zip
- Size: 584KB
- Sample: 210415-f5tpsqv1rs
- MD5: 13a089b9d1edff1251ec8e622a401b61
- SHA1: 685f9f0e6255a3c1b221ffa4d23e65927529857a
- SHA256: b1c159185cfd93b486a0992d0a75baa2278736c14e7751eb1a968f7c08b614c4
- SHA512: e532b12eeffecd32e4c277dcfb57f4923013c210d0c41e143d18073c7edfcecd694a07922efaae2ddf79fdb46f480baa553727f330e3a95151fb498725fa42c0
Static task: static1
Behavioral task: behavioral1
Sample: MT103_Swift-confirmation#4425-28373XXX.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: MT103_Swift-confirmation#4425-28373XXX.exe
Resource: win10v20210410
Malware Config
Extracted
oski
45.85.90.86
Targets
- Target: MT103_Swift-confirmation#4425-28373XXX.exe
- Size: 795KB
- MD5: bb4489ef3af30a3f1ac77bca896285b3
- SHA1: e447d424cccd2e632233f86d4b20c0718cc45fcd
- SHA256: b2a66114f2afb03bd4087e7fc37d6c89ff7f3d3bd48d751dc9334a5a746f7c37
- SHA512: a91a49b9ed5c393288844434aeac3a58b217379d0116adb2a0492f090908545f11d1e2985792751c8c6d10b87a66d7d9b47954ce6aeef2080c355b68c9d0bb32
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext