General
- Target: 2.doc
- Size: 1.0MB
- Sample: 210421-cg6z57nrv2
- MD5: 7ad12c00db3b7153dda578637a2963ef
- SHA1: ccb187876d0e95e6b6aef971d14c8423474baba1
- SHA256: a48314b153f114d784b034c9dd6f30c2ff3042822fe30c726b904d44c9c3614a
- SHA512: 5f4ed43a6d2f4ddf753f38d6cc9a836ae238a20d574d3488ea2000af75609da36a1da663c07cc8b81913465fc7aa32127fdd8ddf1e92a852767d59b2320cdf60
Static task
- static1
Behavioral task
- behavioral1: sample 2.doc, resource win7v20210410
Behavioral task
- behavioral2: sample 2.doc, resource win10v20210408
Malware Config
- Extracted: oski
- Domain: osiq.club
Targets
- Target: 2.doc (1.0MB)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext