General
-
Target
dd6f97becdd24e1c2c1b7662bb3760aa.exe
-
Size
745KB
-
Sample
211201-ndp2ssbfdj
-
MD5
dd6f97becdd24e1c2c1b7662bb3760aa
-
SHA1
a2894d09e5fc6f0a5ee5ec27119b02ecbc2d9a79
-
SHA256
6b869d8825516d0b977d48043d1d56d233de7b128074b068566dc33e0ff9fdb7
-
SHA512
f352c4cfc3d878287e0f6a783ab803eccba5aee872321e18f2c6c15bca9aad6a47c441e52cb03b88f77cc853ee33988198703cdfbbc0bff0097163125c7e3cda
Static task
static1
Behavioral task
behavioral1
Sample
dd6f97becdd24e1c2c1b7662bb3760aa.exe
Resource
win7-en-20211104
Malware Config
Extracted
oski
swsaseguranca.com.br
Targets
-
-
Target
dd6f97becdd24e1c2c1b7662bb3760aa.exe
-
Size
745KB
-
MD5
dd6f97becdd24e1c2c1b7662bb3760aa
-
SHA1
a2894d09e5fc6f0a5ee5ec27119b02ecbc2d9a79
-
SHA256
6b869d8825516d0b977d48043d1d56d233de7b128074b068566dc33e0ff9fdb7
-
SHA512
f352c4cfc3d878287e0f6a783ab803eccba5aee872321e18f2c6c15bca9aad6a47c441e52cb03b88f77cc853ee33988198703cdfbbc0bff0097163125c7e3cda
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-