General

Target: New Order Requirement 2204.exe
Size: 682KB
Sample: 210506-5kv397egfa
MD5: 75fd9a98ffabdc6cd2932e48affa2fa4
SHA1: 73d99f7c741ef7648002534addd4948098d0a1db
SHA256: 7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0
SHA512: 3b1488c7d4d6368c36efc86ad321859317b1d388f4d98bcb18ff129fedb81fd766890761def4754596a6dc5aa31e69221bea6410afe7139a3127983cd4cb23d2
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: New Order Requirement 2204.exe
Resource: win7v20210410

Malware Config

Extracted family: oski
C2: 45.144.225.173
Targets

Target: New Order Requirement 2204.exe
Size: 682KB
MD5: 75fd9a98ffabdc6cd2932e48affa2fa4
SHA1: 73d99f7c741ef7648002534addd4948098d0a1db
SHA256: 7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0
SHA512: 3b1488c7d4d6368c36efc86ad321859317b1d388f4d98bcb18ff129fedb81fd766890761def4754596a6dc5aa31e69221bea6410afe7139a3127983cd4cb23d2

Signatures

- Downloads MZ/PE file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext