General
Target: 23447924C121DB2AFAE1DC223CEDA7DE.exe
Size: 200KB
Sample: 210731-rf7b4tvezs
MD5: 23447924c121db2afae1dc223ceda7de
SHA1: 957015a79f07d2b25dbd874d3fd1788d147b0adb
SHA256: e5cfbeb6e53527b724d1a710c44dd7f86a0befadb35db2c81ee1ec9aafd12b40
SHA512: 9167c1af1a43daf0af42a34eb15df0fad856ac43d68d0d01343c44fc4e33ac8bda5d840eb123a4f33e85833e739c8ce17cd93bbc9144b9ea96384a8cc0583540
Static task: static1
Behavioral task: behavioral1
Sample: 23447924C121DB2AFAE1DC223CEDA7DE.exe
Resource: win7v20210410
Malware Config
Extracted
oski
103.99.1.60/we/shu/
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.