General
Target: IMG_578_60_28_61XLS.ex
Size: 560KB
Sample: 211116-xbgr3sfab5
MD5: 5ea03c09bf25d3d79ca5a936a18c0ae9
SHA1: 13806150e3063f266b2fa752a517a4dff3bea533
SHA256: 18cfa8c68fe25199694faf0d2e9fe0fe86e872b1c20620098a68309ade161000
SHA512: 2c15022a942ba5dc97425c614972fda775645bf01c9b9a063b0aae5f3dda5da16304016c9e4598aff70af887ecadd1946f34b18d43d82fa08ab31c8ab9ae2ab3
Static task: static1
Behavioral task: behavioral1
Sample: IMG_578_60_28_61XLS.ex.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: IMG_578_60_28_61XLS.ex.exe
Resource: win10-en-20211014
Malware Config
Extracted
oski
novget.com
Targets
Target: IMG_578_60_28_61XLS.ex
Score: 10/10
Modifies WinLogon for persistence
Suspicious use of SetThreadContext