General
Target: New Order Requirement 2204.ace
Size: 380KB
Sample: 210507-rzdgnkebcs
MD5: 2b3ec0cd498878fd0e5de24a9a7d428a
SHA1: 5f1777f2a3727cae71d4caaac2c253aef9dea59a
SHA256: a2442bb8a9aeb8af98ccfb07ad9afd62bdbedeb942971a8644d63687dbb65490
SHA512: 9a1826dc3f918ab0b1cabad2ad30990d95a3e81bde3e8a4beb4f4b5f7ba0a632f3b261773372bfedd1e7cedca99a245ba39873a4d4fd2e8d7648fdb10b8fdc23
Static task: static1

Behavioral task: behavioral1
Sample: New Order Requirement 2204.exe
Resource: win7v20210408

Malware Config
Extracted: oski
45.144.225.173
Targets
Target: New Order Requirement 2204.exe
Size: 682KB
MD5: 75fd9a98ffabdc6cd2932e48affa2fa4
SHA1: 73d99f7c741ef7648002534addd4948098d0a1db
SHA256: 7d449aa7f0c8097671688a2636f7b2d748f5ee3e4e63de3447d903fd371533f0
SHA512: 3b1488c7d4d6368c36efc86ad321859317b1d388f4d98bcb18ff129fedb81fd766890761def4754596a6dc5aa31e69221bea6410afe7139a3127983cd4cb23d2
- Downloads MZ/PE file
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext