General
Target: ORDEN DE COMPRA (2).exe
Size: 556KB
Sample: 211130-lssecshgd6
MD5: b92a57975d4cee3e7a64ffd8c0b8eba1
SHA1: 3dc6a5d31143af94ec21b891d1723527a04ba9bc
SHA256: 9bb517a8a2e5028d0714bcba5d90c4b73c5ba2881b112f4ea2690d269dcf4017
SHA512: f413e3750aa404947df0fab43631ab802cd02e5805461202e54dafbd1829071f24d9200f2c407cb77b341e8e5528d7478c196115883d463ad79e7f00fa7a9313
Static task: static1
Behavioral task: behavioral1
  Sample: ORDEN DE COMPRA (2).exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: ORDEN DE COMPRA (2).exe
  Resource: win10-en-20211014
Malware Config
Extracted
oski
vsiperu.com
Targets
Target: ORDEN DE COMPRA (2).exe
Score: 10/10
Downloads MZ/PE file
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext