General
- Target: 452E6C334E555629C538C4AA6B2ADC26.exe
- Size: 792KB
- Sample: 210809-c6wr6k1nds
- MD5: 452e6c334e555629c538c4aa6b2adc26
- SHA1: f24a31707b2b0037adcc712b0d83541074f909d2
- SHA256: 44aa270e4c081241057bad8c1d0ea5864087325f8e3209aa10747f108123f718
- SHA512: 1412c3682f9c0e239743450d7ce86b37e726101f5f1786fe215dfd18c61911f31f13533549c3af2033ce6dbf47dc638466283dca62fd8df062ea2a65e3fd811a
- Static task: static1
- Behavioral task: behavioral1
- Sample: 452E6C334E555629C538C4AA6B2ADC26.exe
- Resource: win7v20210410
Malware Config
- Extracted family: oski
- Extracted C2 URL: 185.212.131.198/ww/
Targets
- Target: 452E6C334E555629C538C4AA6B2ADC26.exe
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext