General
Target: Zguzieszn.exe
Size: 258KB
Sample: 210507-ydga8y8ess
MD5: 24e9df3d16780b449b0ec80f25c263b7
SHA1: b410b497a791b962e8b9e11b605c291492e542b6
SHA256: 04739bba7ef80f72f47dd22eb66b9fddb6f48b5c3744b1f9cc6018615aa11bd6
SHA512: 4a790485ce2f2e2a92892afc948448162fc08e6e5d352281bd3dbfa12cee44635a838f312197e9be27b12550081ed34b21a839cb805efde0c7365102aad03cd2
Static task: static1
Behavioral task: behavioral1
  Sample: Zguzieszn.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Zguzieszn.exe
  Resource: win10v20210408
Malware Config
Extracted: oski
198.98.49.140
Targets
Target: Zguzieszn.exe
Size: 258KB
MD5: 24e9df3d16780b449b0ec80f25c263b7
SHA1: b410b497a791b962e8b9e11b605c291492e542b6
SHA256: 04739bba7ef80f72f47dd22eb66b9fddb6f48b5c3744b1f9cc6018615aa11bd6
SHA512: 4a790485ce2f2e2a92892afc948448162fc08e6e5d352281bd3dbfa12cee44635a838f312197e9be27b12550081ed34b21a839cb805efde0c7365102aad03cd2
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext