General
Target: DOC98374933_JULY2021.EXE
Size: 1.1MB
Sample: 210722-bk613gyw8e
MD5: 7cdabce07469c95df2bfe4bb692757d5
SHA1: be7905986d224b15517c5b41d4fc30fec309bd8e
SHA256: 242acd2bd4415b211de8afd058570aac478e1c257d31e908a2823b8fb3788ede
SHA512: 15fb71bf0912a3083590c454eacb37ea1e8954d2ce63de1910073192d767ca48ffd0a7192cb095799461a97ce680751bff30f59e5815c327cd9c767322fdc060
Static task: static1
Behavioral task: behavioral1 (Sample: DOC98374933_JULY2021.EXE, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: DOC98374933_JULY2021.EXE, Resource: win10v20210410)
Malware Config
Extracted: oski
kckark.xyz
Targets
Target: DOC98374933_JULY2021.EXE
Size: 1.1MB
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext