General
- Target: 542f3ea693d61187bd10db0376a6b3e7.exe
- Size: 256KB
- Sample: 210420-4mpgp71lfs
- MD5: 542f3ea693d61187bd10db0376a6b3e7
- SHA1: 92409ffc8c6ea0ae55a76b6b15616f75174dba97
- SHA256: 614ea8187654128fc27a51455ab3c8fdbb6d398382cd4d825cf795dbbf5d7966
- SHA512: cb383f540285ceb9232a4cc807b5287c4145f6c62fbf961385ef97a68034cc07c37337a595c403dbfe073ad0eac39ce765d58914856051a4c413d6ee5dbc4fb1
Static task
- static1
Behavioral task
- behavioral1: Sample 542f3ea693d61187bd10db0376a6b3e7.exe, Resource win7v20210410
Behavioral task
- behavioral2: Sample 542f3ea693d61187bd10db0376a6b3e7.exe, Resource win10v20210410
Malware Config
Extracted
- oski
- osiq.club
Targets
- Target: 542f3ea693d61187bd10db0376a6b3e7.exe
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext