General
Target: IMG602741105.exe
Size: 225KB
Sample: 210503-gwyvbn5wva
MD5: 0e444899ae75dd87e33621fd953ed450
SHA1: 3c1ec410dcdb4992e58c20a215354fb3714b2b28
SHA256: 5e90997364ac5c40a3c374faa4a11c74e9d040e42c10a2dcab169818e1d717b5
SHA512: 01e0af5122b9aa2fc58ad552ab91eb1b6dc6fc7ece3338faa2e4fc41835742bc8387ab93f6f8d810cc73405e11cfeea59b6aa323fcdcb80b979a4911673905eb
Static task: static1
Behavioral task: behavioral1
  Sample: IMG602741105.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: IMG602741105.exe
  Resource: win10v20210410
Malware Config
Extracted: oski
198.98.49.140
Targets
Target: IMG602741105.exe
Size: 225KB
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext