General
Target: INVO07844SCH.exe
Size: 123KB
Sample: 211027-lg7pxabea5
MD5: 16de4b8e44a1b040898270c4bca96a55
SHA1: 8767b665350873f683d708aa406348cfaad90a05
SHA256: 471f26d441eb0872b6c93709284022ef3866b279dabdc601b2dfd1e876a37598
SHA512: 0d7eaf3839124186d7956232dd79ce83ea789a617cfccf9d78b5950ade289e000edfff46cfc0ed9773988c057ca817db360281215d83dd4f72a17dc547209aa4
Static task: static1
Behavioral task: behavioral1
Sample: INVO07844SCH.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: INVO07844SCH.exe
Resource: win10-en-20211014
Malware Config
Extracted
oski
adwa2tv.com/new/
Targets
Target: INVO07844SCH.exe
Score: 10/10
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext