General
-
Target
Proposal For Adamallys Group..exe
-
Size
732KB
-
Sample
210811-9vcf6qf166
-
MD5
4d838fd7586e75e908483b1807bc29a6
-
SHA1
ab5e4e82d68462daec9ff1dc0fa81380d8991df0
-
SHA256
a34e7c63da647c394b8becde55d6e87bc34e2c934c89b7f23484747a3598fb4c
-
SHA512
df7980b4b9d058ef368c7c93069dcb5a8c689f755d0ca15a355bee5860cd167dcda1a3afbbf7ec9ab46f96690d6d7ee161f660219f049cc88c7841daef88c5fa
Static task
static1
Behavioral task
behavioral1
Sample
Proposal For Adamallys Group..exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Proposal For Adamallys Group..exe
Resource
win10v20210410
Malware Config
Extracted
oski
cabvui.xyz
Targets
-
-
Target
Proposal For Adamallys Group..exe
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-