General
Target: 186150481a377bd29689e2b4c7bedb7cd41c9043f4bd7ce5ac25d9e4216aa8dd
Size: 200KB
Sample: 211116-w9mkjscaam
MD5: fc2cec805baea261f034594150a624b2
SHA1: 27e67b2e091bb0bbafdd5890ae1afa763de07a71
SHA256: 186150481a377bd29689e2b4c7bedb7cd41c9043f4bd7ce5ac25d9e4216aa8dd
SHA512: 217b72ad55614ac510c3771f84e879844fae5b8be406094079d30498169223efad8860477ae237fc4cd32cc0f5ce7d2f99cfffafd93f1875f64efe6b61066264
Static task: static1
Behavioral task: behavioral1
Sample: 186150481a377bd29689e2b4c7bedb7cd41c9043f4bd7ce5ac25d9e4216aa8dd.exe
Resource: win7-en-20211014
Malware Config
Extracted: oski
jehovah-reigns.co.za
Targets
Target: 186150481a377bd29689e2b4c7bedb7cd41c9043f4bd7ce5ac25d9e4216aa8dd
Size: 200KB
MD5: fc2cec805baea261f034594150a624b2
SHA1: 27e67b2e091bb0bbafdd5890ae1afa763de07a71
SHA256: 186150481a377bd29689e2b4c7bedb7cd41c9043f4bd7ce5ac25d9e4216aa8dd
SHA512: 217b72ad55614ac510c3771f84e879844fae5b8be406094079d30498169223efad8860477ae237fc4cd32cc0f5ce7d2f99cfffafd93f1875f64efe6b61066264
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.