General
Target: 22f934036d8405eaf679a08f51babbec
Size: 390KB
Sample: 211104-ycawlaeegj
MD5: 22f934036d8405eaf679a08f51babbec
SHA1: 95ef18afe610cd1cda291646ee2c45ab8b48177a
SHA256: 385a01c35c74812f7398c13083009258893c4570ecccedb2f182555d065bc68d
SHA512: 1a132af03a93d796f14539f3b8c6ad3f346bbc88fb97cec7613bdf35ac6af6eb9d821dc41b0d2561a30c622bd47ae8ea3ec49b10bed24323d31810747a1a9502
Static task: static1
Behavioral task: behavioral1
  Sample: 22f934036d8405eaf679a08f51babbec.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 22f934036d8405eaf679a08f51babbec.exe
  Resource: win10-en-20211014
Malware Config
Extracted: oski
chrisupdated.xyz
Targets
Target: 22f934036d8405eaf679a08f51babbec
Size: 390KB
MD5: 22f934036d8405eaf679a08f51babbec
SHA1: 95ef18afe610cd1cda291646ee2c45ab8b48177a
SHA256: 385a01c35c74812f7398c13083009258893c4570ecccedb2f182555d065bc68d
SHA512: 1a132af03a93d796f14539f3b8c6ad3f346bbc88fb97cec7613bdf35ac6af6eb9d821dc41b0d2561a30c622bd47ae8ea3ec49b10bed24323d31810747a1a9502
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext