General
Target: TBBurmah Trading Co., Ltd - products inquiry .exe
Size: 612KB
Sample: 210430-t73grhn6r6
MD5: 28884f9a28c69b5f39f066fef59392cb
SHA1: baf70f81c09d6772337359633f3424a78e3f607e
SHA256: b2454961c84e927b086719e0bae8016bee823e17402fb0feca8bda4e63ff009c
SHA512: 9b2938b2d7491febd90d5cd6d431361694b8b17759fe1ec7ba4d0b82486243928f3446a0d916a202617d9b8512fb32951aea5dd7cf045afcd91af8f3ea70a6e6
Static task: static1
Behavioral task: behavioral1
Sample: TBBurmah Trading Co., Ltd - products inquiry .exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: TBBurmah Trading Co., Ltd - products inquiry .exe
Resource: win10v20210408
Malware Config
Extracted: oski
31.210.21.181
Targets
Target: TBBurmah Trading Co., Ltd - products inquiry .exe
Score: 10/10
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext