General
Target: IMG053110579.exe
Size: 263KB
Sample: 210507-rfjz35a3j2
MD5: 8ff3cd20c7ca5a373dc7b988e2668bb5
SHA1: a278ea762a0ade0c58ad49e9aa15075ef61e592c
SHA256: 5f55898f4f260025ec6507f92ed128dcd90f5f83d14b507282352f4c79fb71bc
SHA512: 38e230b2a08e4ba51f64d8d3d05adf0b4546ef7675932309983b8162653585312f92202d8ca0d3901585756061d3fdf27aa8b3355bd3f5ca6727148e81051b56
Static task: static1
Behavioral task: behavioral1 (Sample: IMG053110579.exe; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: IMG053110579.exe; Resource: win10v20210410)
Malware Config
Extracted: oski
C2: 209.141.40.19
Targets
Target: IMG053110579.exe (263KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (commonly used to redirect execution of a suspended thread, as in process hollowing or thread hijacking)
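The report gives three things a defender can act on: the file hashes, the extracted C2 address, and the Uninstall-key enumeration behaviour. The script below, an added example that is not part of the sandbox report, turns them into a small triage routine run over endpoint telemetry. The hashes and the 209.141.40.19 address are the report's own IOCs; the event records, their field names (loosely modelled on Sysmon event IDs 1, 3 and 12) and the threshold of five distinct Uninstall subkeys are constructed assumptions for the example.

```python
"""Triage constructed endpoint telemetry against the IOCs in the report.

Added example. The event schema and sample records below are assumptions;
only the hashes, the C2 address and the Uninstall key behaviour come from
the report.
"""
import hashlib
from collections import defaultdict

# IOCs taken from the report.
IOC_HASHES = {
    "md5": "8ff3cd20c7ca5a373dc7b988e2668bb5",
    "sha1": "a278ea762a0ade0c58ad49e9aa15075ef61e592c",
    "sha256": "5f55898f4f260025ec6507f92ed128dcd90f5f83d14b507282352f4c79fb71bc",
}
IOC_C2 = {"209.141.40.19"}

# Registry locations the "Checks installed software" signature refers to.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Distinct Uninstall subkeys one process must touch before we call it
# enumeration rather than a single lookup (assumed threshold).
UNINSTALL_THRESHOLD = 5

# Constructed sample telemetry (assumed schema: 1 = process create,
# 3 = network connect, 12 = registry key access).
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4242, "image": r"C:\Users\victim\Downloads\IMG053110579.exe",
     "hashes": {"sha256": IOC_HASHES["sha256"]}},
    {"id": 1, "pid": 4300, "image": r"C:\Windows\System32\notepad.exe",
     "hashes": {"sha256": "0" * 64}},
    {"id": 3, "pid": 4242, "dst_ip": "209.141.40.19", "dst_port": 80},
    {"id": 3, "pid": 4300, "dst_ip": "93.184.216.34", "dst_port": 443},
    *[{"id": 12, "pid": 4242, "key": UNINSTALL_KEYS[0] + "\\" + name}
      for name in ("7-Zip", "Google Chrome", "Mozilla Firefox",
                   "VLC", "Notepad++", "Python 3.9")],
    # A single Uninstall read by a benign process should not fire.
    {"id": 12, "pid": 4300, "key": UNINSTALL_KEYS[0] + "\\7-Zip"},
]


def ioc_hash_match(data: bytes) -> list:
    """Return the hash algorithms under which `data` matches the report's IOCs."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [algo for algo, d in digests.items() if IOC_HASHES[algo] == d]


def _under_uninstall(key: str) -> bool:
    """True if `key` is a subkey of one of the Uninstall hives (case-insensitive)."""
    k = key.upper()
    return any(k.startswith(root.upper() + "\\") for root in UNINSTALL_KEYS)


def triage(events) -> dict:
    """Map pid -> list of findings for processes that match the report's IOCs
    or reproduce its Uninstall-key enumeration behaviour."""
    findings = defaultdict(list)
    uninstall_hits = defaultdict(set)
    for ev in events:
        pid = ev["pid"]
        if ev["id"] == 1:
            for algo, digest in ev.get("hashes", {}).items():
                if IOC_HASHES.get(algo) == digest.lower():
                    findings[pid].append(f"hash:{algo}")
        elif ev["id"] == 3 and ev.get("dst_ip") in IOC_C2:
            findings[pid].append(f"c2:{ev['dst_ip']}:{ev.get('dst_port')}")
        elif ev["id"] == 12 and _under_uninstall(ev.get("key", "")):
            uninstall_hits[pid].add(ev["key"])
    # Aggregate registry reads per process so one lookup is not an alert.
    for pid, keys in uninstall_hits.items():
        if len(keys) >= UNINSTALL_THRESHOLD:
            findings[pid].append(f"uninstall_enum:{len(keys)}")
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, hits)
```

The hash match is the cheapest check but only catches this exact build; the C2 address and the Uninstall-key aggregation survive a repacked sample, which is why the behavioural rule counts distinct subkeys per process rather than alerting on any single read.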