General
-
Target
e480e28c74a635845673fd030eb47734.exe
-
Size
268KB
-
Sample
210730-meaadlpbja
-
MD5
e480e28c74a635845673fd030eb47734
-
SHA1
913f51d9deee32c6953a3ce9fbe04dd85f4c78f1
-
SHA256
d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45
-
SHA512
620d5be5d4874d5f89b2d301e9900fb25c11cf1630c5fd901e8d34e71ea3c467931e3b284bb16309e26a81a79ba1abd945c20ea908917e378fdac356c54e1571
Static task
static1
Behavioral task
behavioral1
Sample
e480e28c74a635845673fd030eb47734.exe
Resource
win7v20210410
Malware Config
Extracted
oski
nedu1994.xyz
Targets
-
-
Target
e480e28c74a635845673fd030eb47734.exe
-
Size
268KB
-
MD5
e480e28c74a635845673fd030eb47734
-
SHA1
913f51d9deee32c6953a3ce9fbe04dd85f4c78f1
-
SHA256
d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45
-
SHA512
620d5be5d4874d5f89b2d301e9900fb25c11cf1630c5fd901e8d34e71ea3c467931e3b284bb16309e26a81a79ba1abd945c20ea908917e378fdac356c54e1571
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-