General
Target: 5753388fbfcde9e08d00ac9e2be5d881.exe
Size: 245KB
Sample: 210504-pdpg794hta
MD5: 5753388fbfcde9e08d00ac9e2be5d881
SHA1: 48e8a88ca75782489db9b5da0dff11f050a7a4e0
SHA256: d346665dc0a3c37256f313f6e9e41c254acf70c599d007f1391128c4b3771ce6
SHA512: 483bfd819158b38e996780c3d59ee22b3a3d372d1cd38bfa68dc817370663da0978f259c836df42f5c2f5e3fd7ee9217d7f185664678c575c24a2f131226bad7

Static task: static1

Behavioral task: behavioral1
Sample: 5753388fbfcde9e08d00ac9e2be5d881.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 5753388fbfcde9e08d00ac9e2be5d881.exe
Resource: win10v20210408
Malware Config
Extracted
Family: oski
C2: 198.98.60.43
Targets
Target: 5753388fbfcde9e08d00ac9e2be5d881.exe
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext