General
Target: 2b4a1bcc464360c350c05bf9fbb18ce3.exe
Size: 224KB
Sample: 210503-cdt1f3d9te
MD5: 2b4a1bcc464360c350c05bf9fbb18ce3
SHA1: 62ddaabfa34733a114afd3668c29feaf9dc96502
SHA256: 37f87d9529b496054bc82c319a8908fc82f7704a7de3bc0353a6474995aa02e3
SHA512: a230b489936b0c1b90922f9e49f02bf8addf605923ba0b5e92633ee93fd34eec6f479e4e995ddb6149aae461d262d396d5d20bf45e88f41a8f14bb762d9c420f
Static task: static1
Behavioral task: behavioral1 (Sample: 2b4a1bcc464360c350c05bf9fbb18ce3.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: 2b4a1bcc464360c350c05bf9fbb18ce3.exe, Resource: win10v20210410)
Malware Config
Extracted
Family: oski
C2: 31.210.20.238
Targets
Target: 2b4a1bcc464360c350c05bf9fbb18ce3.exe
Size: 224KB
MD5: 2b4a1bcc464360c350c05bf9fbb18ce3
SHA1: 62ddaabfa34733a114afd3668c29feaf9dc96502
SHA256: 37f87d9529b496054bc82c319a8908fc82f7704a7de3bc0353a6474995aa02e3
SHA512: a230b489936b0c1b90922f9e49f02bf8addf605923ba0b5e92633ee93fd34eec6f479e4e995ddb6149aae461d262d396d5d20bf45e88f41a8f14bb762d9c420f
Score: 10/10

- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view and the HKCU equivalent) to enumerate the software installed on the host. Inventory and installer tooling walks the same keys, so this is a weak indicator on its own and only becomes telling next to the extracted C2 contact and the known-sample hashes above.
- Suspicious use of SetThreadContext: rewriting a thread's context is how a loader redirects a suspended thread into injected code (process hollowing), although debuggers call the same API legitimately.
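The identifiers and the Uninstall-key behaviour in this report, turned into detection logic as an added example (Python; this is not code from the sandbox report or from any vendor's tooling). The hashes and the C2 address are the ones listed above; the JSON event lines, the pids, the "ExampleApp" key name and the event schema (type, pid, key, dst_ip, hashes) are constructed for the example. It also generalises slightly beyond the report by matching the WOW6432Node and HKCU views of the Uninstall key and by scoring the registry walk as a weak signal unless a hash or C2 match accompanies it.

```python
"""IOC and behaviour matching for the report above.

Added example, not part of the sandbox report or of any vendor's tooling.
The hashes and C2 address are taken from the report; the JSON event lines
are constructed to resemble a sandbox/EDR trace and are not real telemetry.
"""
import ipaddress
import json
import re

# Identifiers from the report (lower-cased for comparison).
IOC_HASHES = {
    "md5": "2b4a1bcc464360c350c05bf9fbb18ce3",
    "sha1": "62ddaabfa34733a114afd3668c29feaf9dc96502",
    "sha256": "37f87d9529b496054bc82c319a8908fc82f7704a7de3bc0353a6474995aa02e3",
}
IOC_C2 = {ipaddress.ip_address("31.210.20.238")}

# Uninstall hives an inventory walk touches: native view, WOW6432Node view
# and the per-user view. Matched case-insensitively on the key prefix.
UNINSTALL_KEY = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Constructed sample trace (hypothetical pids, hypothetical ExampleApp key):
# pid 4120 is the sample, pid 5000 a benign inventory agent; one line is
# deliberately malformed and one network event lacks dst_ip.
SAMPLE_EVENTS = [
    r'{"type":"process_create","pid":4120,"image":"C:\\Users\\user\\Desktop\\2b4a1bcc464360c350c05bf9fbb18ce3.exe","hashes":{"sha256":"37F87D9529B496054BC82C319A8908FC82F7704A7DE3BC0353A6474995AA02E3"}}',
    r'{"type":"registry_open","pid":4120,"key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}',
    r'{"type":"network_connect","pid":4120,"dst_ip":"31.210.20.238","dst_port":80}',
    r'{"type":"registry_open","pid":5000,"key":"HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp"}',
    r'{"type":"network_connect","pid":5000,"dst_ip":"10.0.0.5","dst_port":443}',
    r'{"type":"network_connect","pid":5000}',
    "this line is not json",
]


def match_event(ev):
    """Return (rule, detail) hits for one parsed event dict."""
    hits = []
    kind = ev.get("type")
    if kind == "process_create":
        reported = ev.get("hashes", {})
        for algo, ioc in IOC_HASHES.items():
            # Sandboxes and Sysmon often report hashes upper-cased.
            if reported.get(algo, "").lower() == ioc:
                hits.append(("known_sample_hash", f"{algo}={ioc}"))
    elif kind == "network_connect":
        try:
            dst = ipaddress.ip_address(ev.get("dst_ip", ""))
        except ValueError:  # missing or malformed address: nothing to match
            return hits
        if dst in IOC_C2:
            hits.append(("oski_c2", str(dst)))
    elif kind == "registry_open":
        key = ev.get("key", "")
        if UNINSTALL_KEY.match(key):
            hits.append(("uninstall_key_enum", key))
    return hits


def scan(lines):
    """Parse JSON lines, skip unparseable ones, group hits by pid."""
    results = {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for hit in match_event(ev):
            results.setdefault(ev.get("pid"), []).append(hit)
    return results


def score(hits):
    """A hash or C2 match is conclusive on its own; Uninstall-key enumeration
    alone is weak because inventory and installer tooling does the same."""
    rules = {rule for rule, _ in hits}
    if rules & {"known_sample_hash", "oski_c2"}:
        return "high"
    if "uninstall_key_enum" in rules:
        return "low"
    return "none"


if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS).items():
        print(pid, score(hits), [rule for rule, _ in hits])
```

Running it scores the sample process high on all three rules, while the inventory agent, which walks the same Uninstall key but never contacts the C2, only reaches low; a malformed line and a network event without an address are skipped rather than crashing the scan.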