General
-
Target
51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa
-
Size
444KB
-
Sample
210726-tpgtcye8j6
-
MD5
d62e7eaa8e9524f1094f2ee37b31c09f
-
SHA1
51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa
-
SHA256
6f9991b2dbb68f2cb2f1846a641e54857cc5a1b3f683e7883ac85e3a040987d1
-
SHA512
9ce436aab531a981392a3f00fc359a9fd6e36c10b4a24437c3ab60693ac4c6e3a0927ac0f174027bb5598b71ad0074aceaaaf4e3366cb13ec678636be1a56bc5
Static task
static1
Behavioral task
behavioral1
Sample
51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa.exe
Resource
win7v20210410
Malware Config
Extracted
oski
edkark.xyz
Targets
-
-
Target
51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa
-
Size
444KB
-
MD5
d62e7eaa8e9524f1094f2ee37b31c09f
-
SHA1
51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa
-
SHA256
6f9991b2dbb68f2cb2f1846a641e54857cc5a1b3f683e7883ac85e3a040987d1
-
SHA512
9ce436aab531a981392a3f00fc359a9fd6e36c10b4a24437c3ab60693ac4c6e3a0927ac0f174027bb5598b71ad0074aceaaaf4e3366cb13ec678636be1a56bc5
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-