General
Target: 5208178979274752.zip
Size: 7KB
Sample: 210713-fh5db8ebr6
MD5: 6e085e512b9e9a64ae308982033b076d
SHA1: 3b4bdc30fbe2d1dc88ebb5091e1862e5bfa7857b
SHA256: 22b88688206c517763a859f79d7d5b273ee215f29a272ca23be0ff17066389ff
SHA512: cfed93c99a7610fa102e92cee5ad9402daaf2a32d88c9f92aef79fb04c06e9d5a094b6dd4acd3842152a1416b351936cdbd424799128e38400f089e4e42091a1
Behavioral task: behavioral1
Sample: 32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81.pps
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81.pps
Resource: win10v20210408
Malware Config
Extracted config: family oski, C2 103.153.76.164/we/qw/
Targets
Target: 32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81
Size: 58KB
MD5: d728d510f2b3020f9f5966787d11097d
SHA1: fad2d76eacde97742c9147a0b9ce02b1d672b4a5
SHA256: 32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81
SHA512: 47b790535f92a579c364c5948c0fa57db42fa74ff82b7eed5d11a04411bbc014671ba5561ef00b94eb0c0d29d190575d0b067ddc073c99e5ba2d29c94d221773
Score: 10/10
Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
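The first three signatures above (unexpected child process, blocklisted process making a network request, and download of an MZ/PE file) are easy to reproduce outside the sandbox. The following is an added example, not part of the Triage report or the sandbox's own signature code: it runs those three checks over constructed Sysmon-style process and network events. The event lines, process names, field names and the parent/child/network blocklists are assumptions chosen for illustration; only the C2 URL is taken from the report's extracted config.

```python
# Added example (not the sandbox's signature code): three of the report's
# behavioural signatures implemented over constructed key=value event lines.
import re

# Office hosts that should not spawn scripting or loader children (assumed set).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children that are unexpected under an Office parent (assumed set).
UNEXPECTED_CHILDREN = {"powershell.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                       "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# LOLBins that should not initiate outbound connections (assumed blocklist).
NETWORK_BLOCKLIST = {"mshta.exe", "wscript.exe", "cscript.exe", "certutil.exe",
                     "regsvr32.exe", "rundll32.exe"}

# key=value pairs; quoted values may contain spaces (Windows paths do).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def image_name(path):
    """Lower-cased file name of an image path, tolerating / or \\ separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def unexpected_child(ev):
    """Signature 1: an Office parent spawned a scripting/loader child."""
    return (ev.get("event") == "process"
            and image_name(ev.get("parent", "")) in OFFICE_PARENTS
            and image_name(ev.get("image", "")) in UNEXPECTED_CHILDREN)


def blocklisted_network(ev):
    """Signature 2: a blocklisted process opened an outbound connection."""
    return (ev.get("event") == "network"
            and image_name(ev.get("image", "")) in NETWORK_BLOCKLIST)


def looks_like_pe(data):
    """Signature 3 helper: True if data has an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def run_detections(lines):
    """Return (signature, detail) tuples for every event line that fires a check."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if unexpected_child(ev):
            hits.append(("Process spawned unexpected child process",
                         f"{image_name(ev['parent'])} -> {image_name(ev['image'])}"))
        if blocklisted_network(ev):
            hits.append(("Blocklisted process makes network request",
                         f"{image_name(ev['image'])} -> {ev.get('dest', '?')}"))
    return hits


# Constructed events (not captured from the sample): a .pps opened in PowerPoint,
# a hypothetical mshta.exe child, and that child reaching the report's C2 URL.
SAMPLE_EVENTS = [
    'event=process pid=1204 image="C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE" parent="C:\\Windows\\explorer.exe"',
    'event=process pid=2310 image="C:\\Windows\\System32\\mshta.exe" parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE"',
    'event=network pid=2310 image="C:\\Windows\\System32\\mshta.exe" dest=103.153.76.164/we/qw/',
    'event=process pid=2500 image="C:\\Windows\\System32\\notepad.exe" parent="C:\\Windows\\explorer.exe"',
]

if __name__ == "__main__":
    for sig, detail in run_detections(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
    # A minimal constructed PE header: MZ stub, e_lfanew=0x40, 'PE\0\0' at 0x40.
    stub = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
    print("Downloads MZ/PE file:", looks_like_pe(stub))
```

In a real pipeline the parent/child check would be fed by Sysmon Event ID 1 (with ParentImage) and the network check by Event ID 3, and looks_like_pe would be applied to response bodies from a proxy or sandbox network capture; the MZ-plus-PE check is deliberately stricter than matching "MZ" alone, since many non-executable blobs begin with those two bytes by chance.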