General
- Target: 8b9848190fb40aacc6365ec2d27b1db47b12f027.exe
- Size: 466KB
- Sample: 211018-x591qafden
- MD5: 3b546310e40b24c209f03b25f50b6360
- SHA1: 8b9848190fb40aacc6365ec2d27b1db47b12f027
- SHA256: 1e06feaa8bffafea07e7b94ca87987d61c6e5d0afb520e7c065d7facc10d4b88
- SHA512: 27ced9beccce1699f0bbbacb1a0aa13433f3d9085147853f1c078ab5eceff0664e6b7b716815a2045c9cd4b33a965c1dd4ee2d56bdab7a93f421a789f4aaad8f
Static task
- static1
Behavioral task
- behavioral1: sample 8b9848190fb40aacc6365ec2d27b1db47b12f027.exe, resource win7-en-20210920
- behavioral2: sample 8b9848190fb40aacc6365ec2d27b1db47b12f027.exe, resource win10-en-20210920
Malware Config
- Extracted family: oski
- Extracted domain: aboliki.xyz
Targets
- Target: 8b9848190fb40aacc6365ec2d27b1db47b12f027.exe (size and hashes as listed under General)
- Score: 10/10
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext