General
Target: PLI5130745618.exe
Size: 226KB
Sample: 210503-dtx8clwq9s
MD5: 9b807ec7d5c9fa755cd95453f9a7c0d0
SHA1: 9bb35f35f97839e4c995ab39246a5caac983c928
SHA256: f98f307a6a414fcbe42e1017d720f1ed8c9e0df21b703f74e94dbe1afa8b32ff
SHA512: cdead31dc1be9a60e3fe616b4dbf47bd646b0ea89ea2f676590222d8a4917d46af310d63844c1374faf76be032ff84ac5d3d25f9b4949e11b226a38e12d71e46
Static task: static1
Behavioral task: behavioral1
  Sample: PLI5130745618.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PLI5130745618.exe
  Resource: win10v20210410
Malware Config
Extracted family: oski
C2: 31.210.21.231
Targets
Target: PLI5130745618.exe
Size: 226KB
MD5: 9b807ec7d5c9fa755cd95453f9a7c0d0
SHA1: 9bb35f35f97839e4c995ab39246a5caac983c928
SHA256: f98f307a6a414fcbe42e1017d720f1ed8c9e0df21b703f74e94dbe1afa8b32ff
SHA512: cdead31dc1be9a60e3fe616b4dbf47bd646b0ea89ea2f676590222d8a4917d46af310d63844c1374faf76be032ff84ac5d3d25f9b4949e11b226a38e12d71e46
Score: 10/10
Signatures:
  Downloads MZ/PE file
  Deletes itself
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of SetThreadContext