General
Target: SCAN_Wells Fargo bank payment.exe
Size: 912KB
Sample: 210727-sg6xw6tywa
MD5: e2e01c7a8e323e117cfc9c4cdf0ad1c2
SHA1: ea718bc482d968f9db9577b8d9edb08e4f24abbd
SHA256: e8b4e90cb7a9233231088d027c2c090aafc143c77e1f46d34d6b206c2c797419
SHA512: 53a677c7e4f2968319c5d464446e7c777c9b7f61fed01cf5225c121fea661b65c24dc358d52fece233b24db18b1fd1d95d4bc580860c93bb803c77a87c260215
Static task: static1
Behavioral task: behavioral1
Sample: SCAN_Wells Fargo bank payment.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: SCAN_Wells Fargo bank payment.exe
Resource: win10v20210410
Malware Config
Extracted
oski
mmcjo.com/crown/
Targets
Target: SCAN_Wells Fargo bank payment.exe
Score: 10/10
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext