General
Target: PL_017_603_789.exe
Size: 228KB
Sample: 210503-xxnlycrhhe
MD5: 015f45de6bf81ded8c921435c471d087
SHA1: 0ca33aaffac24eb52da8670bb617642d78bd46ab
SHA256: 916bd03b40de6bfa498311e3a70d3e98c50e8255fd413d446daab77951224856
SHA512: 1777ebd202bf5380213370cc5174486c71c52f09313d470f70e25179bfe2635bb748bb09d412babc430f5f5ac4417168cdd2fd58a98eba15fd5dc60a6753eefc

Static task: static1

Behavioral task: behavioral1
Sample: PL_017_603_789.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: PL_017_603_789.exe
Resource: win10v20210408

Malware Config
Extracted: oski
C2: 205.185.120.57
Targets
Target: PL_017_603_789.exe
Score: 10/10

Signatures:
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext