General
Target: purchase order acknowledgement.exe
Size: 828KB
Sample: 210503-h1arehsjtn
MD5: 2756cff6b7da163940d5157bf9df7ece
SHA1: 6665087ac729b5c9dc9dc9e920513b07794fbce6
SHA256: a9e2cff74c2afe7a6d87d7cb25bc41f044f8b492541729fb1503408b7ede6fa2
SHA512: 3bc6544a70797079b85f06489fb213ad820612e1d25f069384a09b5e8e63107f30ef9fbe5da70c10e2d91767f746425a002552fd2d41b11095982241537914a3
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: purchase order acknowledgement.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: purchase order acknowledgement.exe, Resource: win10v20210408)
Malware Config
Extracted: oski (31.210.21.181)
Targets
Target: purchase order acknowledgement.exe
Score: 10/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext