General
- Target: Pvcjjru.exe
- Size: 266KB
- Sample: 210419-9cgrhs76qj
- MD5: 6581f25476a8e4009877ba7498489ef6
- SHA1: dbacf300333c598ebd34e57228efc569cadee154
- SHA256: 808910839d0446439d58dbff8bf7d36db24892fb0ebd018a9dcafc24ddd9d34c
- SHA512: 11cbd153b5d1e53f8c758b616889fd6e2ce5f0e4533daa6c7fd04e41ae740a194378b12c3768ca62b5eb01d2a55f34fb99f28a42b8a7e9380d7b277b4b039add

Static task
- static1

Behavioral task
- behavioral1
  - Sample: Pvcjjru.exe
  - Resource: win7v20210410

Behavioral task
- behavioral2
  - Sample: Pvcjjru.exe
  - Resource: win10v20210408

Malware Config
- Extracted: oski
- novget.com

Targets
- Target: Pvcjjru.exe
  - Size: 266KB
  - MD5: 6581f25476a8e4009877ba7498489ef6
  - SHA1: dbacf300333c598ebd34e57228efc569cadee154
  - SHA256: 808910839d0446439d58dbff8bf7d36db24892fb0ebd018a9dcafc24ddd9d34c
  - SHA512: 11cbd153b5d1e53f8c758b616889fd6e2ce5f0e4533daa6c7fd04e41ae740a194378b12c3768ca62b5eb01d2a55f34fb99f28a42b8a7e9380d7b277b4b039add
  - Downloads MZ/PE file
  - Deletes itself
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext