General
Target: Invoice 006719053 Purchase Order Number INDER.ace
Size: 263KB
Sample: 210420-1tdaxge9gn
MD5: 8885a90f18ac50bea91b23d614122914
SHA1: a8d02751029399f71a163e078f7bef4b718cb946
SHA256: a5a3e4088ac092beda78fb4fb76c41ea5aa1058484a413ca8701f6114b14a040
SHA512: dd92f0bb7e324a4a0af030940278dddb9acceaf123fc75b4d94974cadfe35686eba30fd030663dcf36bf5e7e452db9c124b1d172422e792f9547d73ce816d119
Static task: static1

Behavioral task: behavioral1
Sample: Invoice 006719053 Purchase Order Number INDER.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: Invoice 006719053 Purchase Order Number INDER.exe
Resource: win10v20210410
Malware Config
Extracted: oski
31.210.20.228
Targets
Target: Invoice 006719053 Purchase Order Number INDER.exe
Size: 419KB
MD5: 64e7c59ace47ccf1a97eedaf751e343c
SHA1: 56f17882965d10fdc10643b38f224799ce26ce26
SHA256: e8c024453b4ea2c8deae99a076086cc051cb6d52453e8ba9a6316d4e7cb6a783
SHA512: 865eac96134348888b76db6d94b19d88009854055ace13a3f2147e27dc5d6a2f8a72a7b0cb92c23090ff0801955f4eed55390cfbd5a66816a0b839f3e0e41e18
Score: 10/10

- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext