General
Target
c11accc6b91c118a30fc9ea60b72258b
Size
393KB
Sample
211104-xassyshcf8
MD5
c11accc6b91c118a30fc9ea60b72258b
SHA1
e755b8a318bf454cf58eda24e59dd843a8fbf3dc
SHA256
430ac8fe1b764fd7c42a316d36eaf32af003075f617bceb6651aa6be37c6290a
SHA512
5df678c4d464edf4331acfe05c11ced2d4c9da49fa2d0447d7b969a4f5f98ebe1b6cc6d90ffeb2aa7690db0e233258dbc18ea95ebc20710e40c3edfeb00bf5bb
Static task
static1
Behavioral task
behavioral1
Sample
c11accc6b91c118a30fc9ea60b72258b.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
c11accc6b91c118a30fc9ea60b72258b.exe
Resource
win10-en-20211014
Malware Config
Extracted
oski
secureconnection.xyz
Targets
Target
c11accc6b91c118a30fc9ea60b72258b
Score
10/10
Downloads MZ/PE file
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext