General
-
Target
ddde6fc0ce346b0ab7bb0c8c02a09d33
-
Size
1.2MB
-
Sample
210728-c27ccq9wva
-
MD5
ddde6fc0ce346b0ab7bb0c8c02a09d33
-
SHA1
1067652f21fd05902288613746b5e2ea79bd07f9
-
SHA256
a375d88a6666e7101b4f582ea0239033e4716e883ecb301245011e9c58054a9c
-
SHA512
66a92b7f14371069d78876add097fb8f847755eff95edd846939566f0ce219b686f265c8a57dbe6e19e5f12145bfbfcccff09371413a758005d1aee7d8490c49
Static task
static1
Behavioral task
behavioral1
Sample
ddde6fc0ce346b0ab7bb0c8c02a09d33.exe
Resource
win7v20210408
Malware Config
Extracted
oski
fine.le-pearl.com
Targets
-
-
Target
ddde6fc0ce346b0ab7bb0c8c02a09d33
-
Size
1.2MB
-
MD5
ddde6fc0ce346b0ab7bb0c8c02a09d33
-
SHA1
1067652f21fd05902288613746b5e2ea79bd07f9
-
SHA256
a375d88a6666e7101b4f582ea0239033e4716e883ecb301245011e9c58054a9c
-
SHA512
66a92b7f14371069d78876add097fb8f847755eff95edd846939566f0ce219b686f265c8a57dbe6e19e5f12145bfbfcccff09371413a758005d1aee7d8490c49
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-