General
-
Target
ef8bf0e0c08418ed74b33120185fd044.exe
-
Size
219KB
-
Sample
210429-gzxycq1we2
-
MD5
ef8bf0e0c08418ed74b33120185fd044
-
SHA1
4c0654f0475f0e001cfbf9bf47caed94ae137af8
-
SHA256
d8b500427918db815fb5b55eb807c8830192ea1ccd676d4a17155f4d10a1c36e
-
SHA512
b343f4de6369004adb8a5d042ed272fc8b6680c5013fe6dba98161cfe32c3a518a3c055eb46973d7768874462aa506414e236997e6984706e193e4a7999016ab
Static task
static1
Behavioral task
behavioral1
Sample
ef8bf0e0c08418ed74b33120185fd044.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ef8bf0e0c08418ed74b33120185fd044.exe
Resource
win10v20210410
Malware Config
Extracted
oski
205.185.120.57
Targets
-
-
Target
ef8bf0e0c08418ed74b33120185fd044.exe
-
Size
219KB
-
MD5
ef8bf0e0c08418ed74b33120185fd044
-
SHA1
4c0654f0475f0e001cfbf9bf47caed94ae137af8
-
SHA256
d8b500427918db815fb5b55eb807c8830192ea1ccd676d4a17155f4d10a1c36e
-
SHA512
b343f4de6369004adb8a5d042ed272fc8b6680c5013fe6dba98161cfe32c3a518a3c055eb46973d7768874462aa506414e236997e6984706e193e4a7999016ab
Score10/10-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-