General

Target: h7tfR29LuPk1YuPJO199.exe
Size: 869KB
Sample: 210505-kq7911qetj
MD5: 93d1db10e708c676866a7cd1dba55b68
SHA1: eeb55b51a51ba0e0325397eeae08b332b5724b45
SHA256: 62ff4acb82aa8f8e187d10029882cc2864f7a091bf1ff0a4ee1475119ba6ad9d
SHA512: 07dcc951d562a37615abadbe9b778b83d51777d7d36bb54201cf11a308e1695844ce40b24054449ee190912e617620d389b5e1ee6d3fc21b1e1368f04f2a5eb0

Static task: static1

Behavioral task: behavioral1
Sample: h7tfR29LuPk1YuPJO199.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: h7tfR29LuPk1YuPJO199.exe
Resource: win10v20210408

Malware Config

Extracted family: oski
C2: 31.210.21.181

Targets

Target: h7tfR29LuPk1YuPJO199.exe
Size: 869KB
MD5: 93d1db10e708c676866a7cd1dba55b68
SHA1: eeb55b51a51ba0e0325397eeae08b332b5724b45
SHA256: 62ff4acb82aa8f8e187d10029882cc2864f7a091bf1ff0a4ee1475119ba6ad9d
SHA512: 07dcc951d562a37615abadbe9b778b83d51777d7d36bb54201cf11a308e1695844ce40b24054449ee190912e617620d389b5e1ee6d3fc21b1e1368f04f2a5eb0

Score: 10/10

Signatures:
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext