General
Target: a5b17ac04b70cc12107229c7e3a92842.exe
Size: 223KB
Sample: 210503-t29xkzvnes
MD5: a5b17ac04b70cc12107229c7e3a92842
SHA1: 36494e8db1b039478bd577ec585954a100beba1b
SHA256: 1860347130f68ba0d084750816ca0fc532b8647d89e36ff53c0355e73a46d332
SHA512: 6f923cce6079bdde83c8d7ba057b7b0f380465fbaf1db6d828c0466def696b3c4779a6810b1b4be1071e37c5bd575eb9b2c6f7aa5bbf9867fe482596c301ae28
Static task: static1
Behavioral task: behavioral1 (sample a5b17ac04b70cc12107229c7e3a92842.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample a5b17ac04b70cc12107229c7e3a92842.exe, resource win10v20210410)
Malware Config
Extracted family: oski
C2: 31.210.21.71
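The extracted configuration gives one network indicator (the oski C2 address 31.210.21.71) and the General section gives four file digests. The Python below is an added triage helper, not output of the sandbox or code from the report: it checks that the listed digests are well formed, recomputes all four over a file's bytes so a retrieved sample can be confirmed as the reported one, and scans firewall log lines for connections to the C2 address with an exact address comparison rather than a substring match. The log lines and their syslog-style "src -> dst:port" format are constructed for the example.

```python
"""Triage helper built from the indicators in this report (added example, not sandbox output)."""
import hashlib
import ipaddress
import re
from typing import Dict, List

# Indicators copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "a5b17ac04b70cc12107229c7e3a92842",
    "sha1": "36494e8db1b039478bd577ec585954a100beba1b",
    "sha256": "1860347130f68ba0d084750816ca0fc532b8647d89e36ff53c0355e73a46d332",
    "sha512": "6f923cce6079bdde83c8d7ba057b7b0f380465fbaf1db6d828c0466def696b3c"
              "4779a6810b1b4be1071e37c5bd575eb9b2c6f7aa5bbf9867fe482596c301ae28",
}
C2_ADDRESS = "31.210.21.71"

EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hashes_are_well_formed(hashes: Dict[str, str]) -> bool:
    """Sanity check before use: every digest is lowercase hex of the right length."""
    return all(
        re.fullmatch(r"[0-9a-f]{%d}" % EXPECTED_HEX_LEN[algo], hashes.get(algo, "")) is not None
        for algo in EXPECTED_HEX_LEN
    )


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in EXPECTED_HEX_LEN}


def verify_sample(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare each digest separately; one mismatch means this is not the reported file."""
    actual = digest_bytes(data)
    return {algo: actual[algo] == expected.get(algo, "").lower() for algo in EXPECTED_HEX_LEN}


def is_reported_sample(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> bool:
    return all(verify_sample(data, expected).values())


# Constructed firewall log lines (not from the report). The third line is a decoy
# address that shares a prefix with the C2, to show why substring matching is wrong.
SAMPLE_LOG = """\
May 03 14:02:11 fw01 conn: 10.0.4.23:51422 -> 142.250.74.36:443 allow
May 03 14:02:13 fw01 conn: 10.0.4.23:51430 -> 31.210.21.71:80 allow
May 03 14:02:13 fw01 conn: 10.0.4.23:51431 -> 31.210.21.7:80 allow
May 03 14:02:19 fw01 conn: 10.0.4.23:51444 -> 31.210.21.71:443 deny
"""

CONN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def find_c2_connections(log_text: str, c2: str = C2_ADDRESS) -> List[str]:
    """Return log lines whose destination address equals the C2 address exactly."""
    target = ipaddress.ip_address(c2)
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m and ipaddress.ip_address(m.group(3)) == target:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("report digests well formed:", hashes_are_well_formed(REPORT_HASHES))
    print(verify_sample(b"not the real sample", REPORT_HASHES))
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Both denied and allowed connections to the C2 are reported, since a blocked attempt is still evidence the stealer ran on that host.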
Targets
Target: a5b17ac04b70cc12107229c7e3a92842.exe
Size: 223KB
MD5/SHA1/SHA256/SHA512: as listed under General above
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext (the API that redirects a thread's execution, typically in a suspended child process, to injected code; a common process-hollowing step)
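The "checks installed software" signature refers to reading the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU variants), the same data Programs and Features displays. The Python below is an added illustration, not code from the report or from the sample: it parses the text a `reg export` of that key produces and extracts the DisplayName, DisplayVersion and Publisher values a stealer would collect to fingerprint the host. The export text and its product names are constructed for the example so it runs without a Windows registry.

```python
r"""Offline illustration of Uninstall-key enumeration (added example, not from the report).

Parses a `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` text
instead of the live hive so it runs anywhere.
"""
import re
from typing import Dict, List, Tuple

UNINSTALL_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed export in the shape `reg export` produces; product names and the GUID are made up.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 19.00 (x64)"
"DisplayVersion"="19.00"
"Publisher"="Igor Pavlov"
"InstallLocation"="C:\\Program Files\\7-Zip\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}]
"DisplayName"="Example PDF Viewer"
"DisplayVersion"="21.1.0"
"Publisher"="Example Software Inc."
"SystemComponent"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleHelper]
"DisplayName"="Example Update Helper"
"SystemComponent"=dword:00000001
"""


def _unescape(value: str) -> str:
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(["\\])', r"\1", value)


def parse_uninstall_export(text: str, root: str = UNINSTALL_ROOT) -> List[Dict[str, object]]:
    """One dict per subkey of the Uninstall root, holding its string and dword values."""
    entries: List[Dict[str, object]] = []
    current = None
    prefix = root.lower() + "\\"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Only subkeys describe products; the root key itself carries no values
            if key.lower().startswith(prefix):
                current = {"_key": key}
                entries.append(current)
            else:
                current = None
            continue
        if current is None:
            continue
        m = STR_RE.match(line)
        if m:
            current[m.group(1)] = _unescape(m.group(2))
            continue
        m = DWORD_RE.match(line)
        if m:
            current[m.group(1)] = int(m.group(2), 16)
    return entries


def installed_software(text: str, include_hidden: bool = False) -> List[Tuple[str, str, str]]:
    """(DisplayName, DisplayVersion, Publisher) per product.

    Programs and Features hides entries without a DisplayName or with SystemComponent=1.
    A stealer fingerprinting the host has no reason to, so include_hidden=True shows
    everything it could collect from the key.
    """
    out = []
    for e in parse_uninstall_export(text):
        name = e.get("DisplayName")
        if not include_hidden and (not name or e.get("SystemComponent") == 1):
            continue
        out.append((str(name or e["_key"].rsplit("\\", 1)[-1]),
                    str(e.get("DisplayVersion", "")), str(e.get("Publisher", ""))))
    return out


if __name__ == "__main__":
    for entry in installed_software(SAMPLE_EXPORT, include_hidden=True):
        print(entry)
```

On a live host the same data comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" out.reg`, and a thorough inventory also covers the WOW6432Node key and HKCU. Plain reads of these keys are not recorded by Sysmon's registry events (which cover create, delete, set and rename), which is why this behaviour surfaces in sandbox API tracing rather than in host logs.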