General
Target: imgh0482196.exe
Size: 745KB
Sample: 211130-jmjtxshdf8
MD5: 294e24de08e09999462b0f337d4414f8
SHA1: 15f0cd293532f4e3c26065963178b5a63dc53288
SHA256: 38e25fba4b5448546fa9672ea70ac050a9524d624b84d92fa39f9a8bbe7efa6b
SHA512: c0121dc5cc41a366287c09e73ac5876894ca01fbe951634181ac9ca37adad4c8d103df5b430152b8e893c68607fd5d7d36a83c2149495fedbac496e29a69ba23
Static task
static1

Behavioral task
behavioral1
Sample: imgh0482196.exe
Resource: win7-en-20211014

Behavioral task
behavioral2
Sample: imgh0482196.exe
Resource: win10-en-20211104
Malware Config
Extracted
Family: oski
C2: cubicatransport.net
Targets
Target: imgh0482196.exe
Size: 745KB
MD5: 294e24de08e09999462b0f337d4414f8
SHA1: 15f0cd293532f4e3c26065963178b5a63dc53288
SHA256: 38e25fba4b5448546fa9672ea70ac050a9524d624b84d92fa39f9a8bbe7efa6b
SHA512: c0121dc5cc41a366287c09e73ac5876894ca01fbe951634181ac9ca37adad4c8d103df5b430152b8e893c68607fd5d7d36a83c2149495fedbac496e29a69ba23
Score: 10/10

- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
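The following is an added example, not part of the sandbox report and not code from the sandbox vendor, showing how a responder might turn the indicators above (the sample hashes, the extracted C2 domain, and the Uninstall-key enumeration behaviour) into detection logic over endpoint telemetry. The event schema is an assumption: field names mirror Sysmon's (Hashes, QueryName, TargetObject), but the event types are generic, because Sysmon itself only records registry key create/delete and value set, so registry reads of the kind the "Checks installed software" signature describes need an EDR or ETW source. The threshold of five distinct Uninstall subkeys and the sample events are constructed for illustration.

```python
"""Added example (not from the report): match this Oski report's indicators
against constructed endpoint events.

Assumptions (not stated by the report):
- events are dicts with a "type" of "process_create", "dns_query" or
  "registry_read", with Sysmon-style field names;
- one process reading 5 or more distinct subkeys under ...\\Uninstall\\ in a
  run is treated as the software enumeration the report's signature describes.
"""
from collections import defaultdict

# Indicators taken directly from the report above.
SAMPLE_SHA256 = "38e25fba4b5448546fa9672ea70ac050a9524d624b84d92fa39f9a8bbe7efa6b"
SAMPLE_MD5 = "294e24de08e09999462b0f337d4414f8"
C2_DOMAIN = "cubicatransport.net"

# Both the native and the WOW64 Uninstall hives are worth watching.
UNINSTALL_KEY_MARKERS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
)
UNINSTALL_ENUM_THRESHOLD = 5  # assumption; tune per environment


def _hashes(event):
    """Parse a Sysmon-style 'MD5=...,SHA256=...' field into a dict."""
    out = {}
    for part in event.get("Hashes", "").split(","):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().upper()] = v.strip().lower()
    return out


def match_events(events):
    """Return a list of (rule_name, process_guid, detail) hits."""
    hits = []
    uninstall_keys = defaultdict(set)  # ProcessGuid -> distinct subkeys read
    for ev in events:
        guid = ev.get("ProcessGuid", "?")
        kind = ev.get("type")
        if kind == "process_create":
            h = _hashes(ev)
            if h.get("SHA256") == SAMPLE_SHA256 or h.get("MD5") == SAMPLE_MD5:
                hits.append(("known_oski_sample_hash", guid, ev.get("Image", "")))
        elif kind == "dns_query":
            q = ev.get("QueryName", "").lower().rstrip(".")
            if q == C2_DOMAIN or q.endswith("." + C2_DOMAIN):
                hits.append(("oski_c2_dns_query", guid, q))
        elif kind == "registry_read":
            target = ev.get("TargetObject", "")
            for marker in UNINSTALL_KEY_MARKERS:
                idx = target.find(marker)
                if idx != -1:
                    # Keep only the per-product subkey directly under Uninstall\.
                    subkey = target[idx + len(marker):].split("\\", 1)[0]
                    uninstall_keys[guid].add(subkey)
    # A single Uninstall lookup is normal; walking many subkeys is enumeration.
    for guid, keys in uninstall_keys.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            hits.append(("uninstall_key_enumeration", guid, f"{len(keys)} subkeys"))
    return hits


# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "process_create", "ProcessGuid": "{A}",
     "Image": "C:\\Users\\victim\\Downloads\\imgh0482196.exe",
     "Hashes": f"MD5={SAMPLE_MD5},SHA256={SAMPLE_SHA256}"},
    {"type": "dns_query", "ProcessGuid": "{A}", "QueryName": "cubicatransport.net"},
] + [
    {"type": "registry_read", "ProcessGuid": "{A}",
     "TargetObject": f"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Product{i}"}
    for i in range(6)
] + [
    # Benign process: one Uninstall lookup and an unrelated DNS query.
    {"type": "registry_read", "ProcessGuid": "{B}",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"type": "dns_query", "ProcessGuid": "{B}", "QueryName": "update.example.net"},
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(hit)
```

Hash matching only catches this exact build, so the DNS and registry rules carry the weight against repacked variants; the enumeration threshold is deliberately per-process rather than per-host, since installers and inventory agents also walk Uninstall keys and should be allow-listed by image rather than by lowering the rule.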