General

Target: E657706B5B6602634BC2BC4BAECDA9A6.exe
Size: 1.2MB
Sample: 210730-9nql9npw5a
MD5: e657706b5b6602634bc2bc4baecda9a6
SHA1: 467cc2e9667b8ccfced6641215e616e1312aa379
SHA256: a1ba25ee2a1c2fadb79dcc380df85c269e8034e7d78dbe8aa4067a8afecced38
SHA512: 4918ba8d1842d688a9331dd1c77cd6a1f8cfd53284153f36954854cfa8b443a8db7af1cc21819ae4637f1b8373e01b962666239890e54bb67affeb1ff6265b02
Static task: static1
Behavioral task: behavioral1
Sample: E657706B5B6602634BC2BC4BAECDA9A6.exe
Resource: win7v20210408

Malware Config

Extracted:
- oski
- centarcrkva.rs
Targets

Target: E657706B5B6602634BC2BC4BAECDA9A6.exe
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext