General
-
Target
5f0969cdd00801051ff7f2afd2343ff3.exe
-
Size
789KB
-
Sample
210810-8bd2y7m5he
-
MD5
5f0969cdd00801051ff7f2afd2343ff3
-
SHA1
6bbf42e0b05b025e8162404435eb1b25cc07d5f8
-
SHA256
43460a1724b2521dd5e97c68c16edfce9caf22d49452efd956a64db91b5935a7
-
SHA512
0b89a31ae863641dd0b87a7cedb566241e0df84a685f7df73e04c14580b16f80d3042eeaae65a2a09f2772187ff73d0d833f2cfad0663ba4b4a1e8a66c23a9dd
Static task
static1
Behavioral task
behavioral1
Sample
5f0969cdd00801051ff7f2afd2343ff3.exe
Resource
win7v20210410
Malware Config
Extracted
oski
tunqyuindia.com/mar3/
Targets
-
-
Target
5f0969cdd00801051ff7f2afd2343ff3.exe
-
Size
789KB
-
MD5
5f0969cdd00801051ff7f2afd2343ff3
-
SHA1
6bbf42e0b05b025e8162404435eb1b25cc07d5f8
-
SHA256
43460a1724b2521dd5e97c68c16edfce9caf22d49452efd956a64db91b5935a7
-
SHA512
0b89a31ae863641dd0b87a7cedb566241e0df84a685f7df73e04c14580b16f80d3042eeaae65a2a09f2772187ff73d0d833f2cfad0663ba4b4a1e8a66c23a9dd
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-