General
Target: gunzipped.exe
Size: 248KB
Sample: 210430-1r8mzg3lra
MD5: 470dac4893d3f15bce96543d2e023658
SHA1: 0c15f00e4afd24e1e09e43b3c2c6d711a60b2806
SHA256: cc4c6be7a609aaaabf82ae1cd164c567ff7f7cc1ebdb59175d0ae1ecbac74b5c
SHA512: 62ce55e126d8ca4e816ee2fed31349260e23605684829965a392db0667049ba58a7e32d7d27a40acf4ca5d9fa1085476b90d58c4e88c3e77c100e9d035e335ea
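Before relying on this report for a sample you hold, confirm that your file is byte-for-byte the one the sandbox ran: a repacked or truncated copy will share the name and roughly the size but none of the digests. The script below is an added example, not part of the report, that computes the same four digests with Python's hashlib and compares them against the values listed above. The only assumption is that the analyst passes the sample's path on the command line.

```python
"""Verify a local sample against the digests published in the sandbox report.

Added example, not part of the sandbox report itself. REPORT_DIGESTS is copied
from the General section of the report; the sample path is supplied by the
analyst on the command line (an assumption of this script).
"""
import hashlib
import sys

# Digests for gunzipped.exe exactly as listed in the report.
REPORT_DIGESTS = {
    "md5": "470dac4893d3f15bce96543d2e023658",
    "sha1": "0c15f00e4afd24e1e09e43b3c2c6d711a60b2806",
    "sha256": "cc4c6be7a609aaaabf82ae1cd164c567ff7f7cc1ebdb59175d0ae1ecbac74b5c",
    "sha512": "62ce55e126d8ca4e816ee2fed31349260e23605684829965a392db0667049ba5"
              "8a7e32d7d27a40acf4ca5d9fa1085476b90d58c4e88c3e77c100e9d035e335ea",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute all four digests of an in-memory sample, as lowercase hex."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streams the file so large samples are not read whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Per-algorithm verdict plus an overall one.

    Case is normalised so values pasted from other tools still match. Any single
    mismatch means the bytes differ from what the sandbox executed, so the
    behavioural findings in the report do not necessarily apply to your file.
    """
    result = {}
    for name in ALGORITHMS:
        result[name] = actual.get(name, "").lower() == expected.get(name, "").lower()
    result["all_match"] = all(result[name] for name in ALGORITHMS)
    return result


def main(argv) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <sample path>")
        return 2
    verdict = compare(digests_of_file(argv[1]), REPORT_DIGESTS)
    for name in ALGORITHMS:
        print(f"{name:7} {'OK' if verdict[name] else 'MISMATCH'}")
    return 0 if verdict["all_match"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py gunzipped.exe`; a non-zero exit on mismatch makes it usable as a gate in an automated triage pipeline.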
Static task
static1

Behavioral task
behavioral1
Sample: gunzipped.exe
Resource: win7v20210410

Behavioral task
behavioral2
Sample: gunzipped.exe
Resource: win10v20210408
Malware Config
Extracted
Family: oski
C2: bestbundledealer.com
Targets
Target: gunzipped.exe
Size: 248KB
MD5: 470dac4893d3f15bce96543d2e023658
SHA1: 0c15f00e4afd24e1e09e43b3c2c6d711a60b2806
SHA256: cc4c6be7a609aaaabf82ae1cd164c567ff7f7cc1ebdb59175d0ae1ecbac74b5c
SHA512: 62ce55e126d8ca4e816ee2fed31349260e23605684829965a392db0667049ba58a7e32d7d27a40acf4ca5d9fa1085476b90d58c4e88c3e77c100e9d035e335ea
Signatures:
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
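Two of the behaviours above map directly onto host telemetry that a defender can hunt in: the Run-key persistence shows up as a registry value-set event, and contact with the extracted domain shows up as a DNS query. The script below is an added example, not part of the sandbox report, that runs that detection logic over constructed log lines. The lines are a simplified key=value rendering of Sysmon Event ID 13 (registry value set) and Event ID 22 (DNS query); the user name, SID, process paths and value names in them are invented placeholders, not artefacts recovered from this sample. Only the domain comes from the report.

```python
"""Hunt host telemetry for two behaviours named in the sandbox report.

Added example, not part of the report. SAMPLE_EVENTS is constructed telemetry
in a simplified key=value rendering of Sysmon Event ID 13 (registry value set)
and Event ID 22 (DNS query); every path, SID and value name in it is an
invented placeholder. Only C2_DOMAIN is taken from the report.
"""
import re

C2_DOMAIN = "bestbundledealer.com"  # extracted config, Malware Config section

# Autostart value under ...\CurrentVersion\Run or RunOnce in any hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)

# One "key=value key=value ..." string per event; values may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

SAMPLE_EVENTS = [
    # Process start, nothing of interest here.
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\gunzipped.exe "
    "ParentImage=C:\\Windows\\explorer.exe",
    # Persistence: new value under the user's Run key ("Adds Run key").
    "EventID=13 Image=C:\\Users\\victim\\Downloads\\gunzipped.exe EventType=SetValue "
    "TargetObject=HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    # A write under Uninstall by an installer: benign. Note that the report's
    # "Checks installed software" signature is a *read* of this key, and Sysmon
    # only records registry create/delete/rename/set, so that behaviour never
    # appears in this telemetry at all; it needs sandbox or ETW-level tracing.
    "EventID=13 Image=C:\\Windows\\System32\\msiexec.exe EventType=SetValue "
    "TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID}\\DisplayName "
    "Details=Some Product",
    # DNS lookup of the extracted domain.
    "EventID=22 Image=C:\\Users\\victim\\Downloads\\gunzipped.exe "
    "QueryName=bestbundledealer.com QueryStatus=0",
    # Unrelated lookup.
    "EventID=22 Image=C:\\Program Files\\Browser\\browser.exe "
    "QueryName=example.com QueryStatus=0",
]


def parse_event(line: str) -> dict:
    """Split a key=value line into a dict (values keep spaces, not ' key=')."""
    return dict(FIELD_RE.findall(line))


def matches_c2(query_name: str) -> bool:
    """Exact or subdomain match, case-insensitive, tolerating a trailing dot."""
    name = query_name.lower().rstrip(".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def detect(events: list) -> list:
    """Return one alert per event that maps onto a signature from the report."""
    alerts = []
    for ev in events:
        eid = ev.get("EventID")
        if (eid == "13" and ev.get("EventType") == "SetValue"
                and RUN_KEY_RE.search(ev.get("TargetObject", ""))):
            alerts.append({
                "signature": "Adds Run key to start application",
                "image": ev.get("Image"),
                "evidence": f"{ev['TargetObject']} = {ev.get('Details', '')}",
            })
        elif eid == "22" and matches_c2(ev.get("QueryName", "")):
            alerts.append({
                "signature": "Resolves extracted C2 domain",
                "image": ev.get("Image"),
                "evidence": ev["QueryName"],
            })
    return alerts


def scan(lines: list) -> list:
    """Parse raw lines and run detection over them."""
    return detect([parse_event(line) for line in lines])


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['signature']}: {alert['image']} -> {alert['evidence']}")
```

The Run-key match deliberately keys on the registry path rather than on the process name, since the report shows the sample dropping and loading further files; persistence may be written by a child rather than by gunzipped.exe itself.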