General
Target: 46ddcd557521e886e2548e72097e01d6.exe
Size: 262KB
Sample: 210420-pzm1wbz236
MD5: 46ddcd557521e886e2548e72097e01d6
SHA1: fd4f34bc1ee6df6d2d04860b2b39349ee6221bf7
SHA256: 3163e680a9b1c5c3b4e64b0fe808b79c5090a69bb3a359fbe18bbf9064dc4517
SHA512: 79abb9091c52d225c57db429727b164f5f8ee1de03a597592c42f57f32281a26bc4d400fc670553b8e34697575558616e971fbf81d5901a8007315452ba84071
Static task: static1
Behavioral task: behavioral1
Sample: 46ddcd557521e886e2548e72097e01d6.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 46ddcd557521e886e2548e72097e01d6.exe
Resource: win10v20210408
Malware Config
Extracted
Family: oski
C2: orisinlog.com
Targets
Target: 46ddcd557521e886e2548e72097e01d6.exe
Signatures
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext