General
Target: PO_60360570.doc
Size: 1.1MB
Sample: 210420-zv5yk4hsvj
MD5: e4a5e953841f2f5c61b373dd2a4494e9
SHA1: 1dec8d12cac28ab21f1f470f179de4046e41bb2e
SHA256: e33c87beec2f985630825a38da83fefa75e3ce178e2a702d4f419cf32f99450e
SHA512: 931db856ef234a4c40c8ba9b0c03d6eaf4e5203c3d1cf7e3af1cb7ed12b06a880c86956a7e04814905ae13fc84750031ee57809cad390847b66f37f62131aeb0
Static task: static1
Behavioral task: behavioral1
Sample: PO_60360570.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO_60360570.doc
Resource: win10v20210408
Malware Config
Extracted
oski
osiq.club
Targets
Target: PO_60360570.doc
Size: 1.1MB
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext