General

Target: Shipment Document BL,INV And Packing List Attached.ace
Size: 324KB
Sample: 210419-ycj8wsy1l6
MD5: 33ec2e09eab558dde77756c2829da20d
SHA1: 3addac02620740766209bdcd9d150ef0441095ce
SHA256: b8d46a1452a5f4213e638804255528e6ee5d661e525a6b86984ddac3466fbb9a
SHA512: 2ffb21776bf1ac66cac7e7dce13a1713f9ad6693be48fd28ca8188da92c176bcd5bddf9dab7581b5c14cd88d88cd1bb2b0f9eeea9d81d2ccc0a4666b372c9ab5

The hashes under General describe the submitted .ace archive; the hashes under Targets below describe the .exe extracted from it and run in the sandbox.

Static task: static1

Behavioral task: behavioral1
Sample: Shipment Document BL,INV And Packing List Attached.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: Shipment Document BL,INV And Packing List Attached.exe
Resource: win10v20210408

Malware Config

Extracted family: oski
Extracted address: 31.210.20.228

Targets

Target: Shipment Document BL,INV And Packing List Attached.exe
Size: 407KB
MD5: 09a5ea79ee56b843410569991ddc9832
SHA1: 7dfa7e28dde9faac7789386835b908c364de6e5d
SHA256: 658043783849531e40717a2dbfb8ccecdfb2352edc9e386f700884e1feb37fa9
SHA512: 0afb3d5cd7a8c6ac533dd6fc5afe3e2cfd59a5722a01c4654b210e857129b77cee46b100a0a7e2eca57507658aa7f16cb63e943073236f7fe7bd310207910bf9
Score: 10/10

Signatures

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
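Added example, not part of the sandbox report and not code from the sample: a small Python matcher that encodes the signatures listed above as rules over an API-call trace. The trace, the event layout (pid, API name, argument tuple) and the signature names are constructed assumptions, not a capture from this sample; the only value taken from the report is the extracted address 31.210.20.228. The SetThreadContext rule deliberately fires only for the ordered sequence CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread on the same child, which is the pattern seen in process hollowing; the report itself only flags the call as suspicious, so a lone SetThreadContext is not matched.

```python
"""Behavioral-signature matcher over a constructed API-call trace.

Added illustration for this report. The trace and event shapes below are
assumptions made for the example; they are not sandbox output.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    pid: int      # calling process
    api: str      # Win32/NT API name
    args: tuple   # argument tuple; layout per API is an assumption (see TRACE)


# Lower-cased markers; compared against lower-cased paths.
WALLET_MARKERS = ("wallet.dat", "\\electrum\\", "\\exodus\\", "\\ethereum\\keystore")
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"
KNOWN_C2: Set[str] = {"31.210.20.228"}  # address from the extracted oski config
NETWORK_APIS = {"InternetConnectA", "InternetConnectW", "connect", "WSAConnect"}

# Constructed trace resembling the reported behaviour (not a real capture).
TRACE: List[Event] = [
    Event(1000, "RegOpenKeyExW", (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall",)),
    Event(1000, "InternetConnectA", ("31.210.20.228", 80)),
    Event(1000, "InternetReadFile", (b"MZ\x90\x00\x03\x00\x00\x00",)),
    Event(1000, "CreateFileW", (r"C:\Users\user\AppData\Local\Temp\sqlite3.dll", "GENERIC_WRITE")),
    Event(1000, "LoadLibraryW", (r"C:\Users\user\AppData\Local\Temp\sqlite3.dll",)),
    Event(1000, "CreateFileW", (r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet", "GENERIC_READ")),
    Event(1000, "CreateProcessW", (r"C:\Windows\System32\svchost.exe", "CREATE_SUSPENDED", 2000)),
    Event(1000, "WriteProcessMemory", (2000, 0x400000)),
    Event(1000, "SetThreadContext", (2000,)),
    Event(1000, "ResumeThread", (2000,)),
]


def match_signatures(trace: List[Event]) -> Dict[str, List[int]]:
    """Return {signature_name: [indices of the events that completed it]}."""
    hits: Dict[str, List[int]] = {}
    written: Set[Tuple[int, str]] = set()   # (pid, path) files the trace wrote
    hollow_stage: Dict[int, int] = {}       # child pid -> last stage reached (1..3)

    for i, ev in enumerate(trace):
        a = ev.args
        if ev.api.startswith("RegOpenKeyEx") and a and UNINSTALL_KEY in str(a[0]).lower():
            hits.setdefault("checks_installed_software", []).append(i)
        elif ev.api.startswith("CreateFile") and a:
            path = str(a[0]).lower()
            if any(m in path for m in WALLET_MARKERS):
                hits.setdefault("accesses_crypto_wallets", []).append(i)
            if len(a) > 1 and "GENERIC_WRITE" in str(a[1]):
                written.add((ev.pid, path))
        elif ev.api.startswith("LoadLibrary") and a:
            # A DLL loaded from a path this process wrote earlier == dropped DLL.
            if (ev.pid, str(a[0]).lower()) in written:
                hits.setdefault("loads_dropped_dll", []).append(i)
        elif ev.api in NETWORK_APIS and a and str(a[0]) in KNOWN_C2:
            hits.setdefault("contacts_known_c2", []).append(i)
        elif ev.api == "InternetReadFile" and a and isinstance(a[0], (bytes, bytearray)):
            if bytes(a[0][:2]) == b"MZ":
                hits.setdefault("downloads_pe_file", []).append(i)
        elif ev.api.startswith("CreateProcess") and len(a) >= 3 and "CREATE_SUSPENDED" in str(a[1]):
            hollow_stage[int(a[2])] = 1
        elif ev.api == "WriteProcessMemory" and a and hollow_stage.get(a[0]) == 1:
            hollow_stage[a[0]] = 2
        elif ev.api == "SetThreadContext" and a and hollow_stage.get(a[0]) == 2:
            hollow_stage[a[0]] = 3
        elif ev.api == "ResumeThread" and a and hollow_stage.get(a[0]) == 3:
            # Full suspended -> write -> SetThreadContext -> resume chain observed.
            hits.setdefault("suspicious_setthreadcontext", []).append(i)
    return hits


if __name__ == "__main__":
    for name, where in sorted(match_signatures(TRACE).items()):
        print(f"{name}: events {where}")
```

The rules are order-sensitive on purpose: a matcher that fires on any SetThreadContext call would also flag debuggers and legitimate thread-management code, whereas requiring the write-then-context-then-resume chain on a process the caller itself created suspended keeps the rule close to the hollowing pattern. Real traces carry handles rather than pids, so a production version would need a handle-to-pid map built from the CreateProcess/OpenProcess results.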