General
-
Target
e4833e975ec9a404fe636e8cece99172.exe
-
Size
679KB
-
Sample
211202-m1ph4sfabn
-
MD5
e4833e975ec9a404fe636e8cece99172
-
SHA1
553c0807cc5b0df4b1a91ff2689636fde8f33d70
-
SHA256
e447edf7c703f03c3644f4d8b896974b7bfa59e7bc4036af5a800c7135dd09b0
-
SHA512
308a288f131e56765044136aa0230103095bb7ce192743027dd4274f436c62ba8ede8d2fd21d60437f5c45cff520dfad9fbed40ed47573e95b82f002c480d472
Static task
static1
Behavioral task
behavioral1
Sample
e4833e975ec9a404fe636e8cece99172.exe
Resource
win7-en-20211104
Malware Config
Extracted
oski
swsaseguranca.com.br
Targets
-
-
Target
e4833e975ec9a404fe636e8cece99172.exe
-
Size
679KB
-
MD5
e4833e975ec9a404fe636e8cece99172
-
SHA1
553c0807cc5b0df4b1a91ff2689636fde8f33d70
-
SHA256
e447edf7c703f03c3644f4d8b896974b7bfa59e7bc4036af5a800c7135dd09b0
-
SHA512
308a288f131e56765044136aa0230103095bb7ce192743027dd4274f436c62ba8ede8d2fd21d60437f5c45cff520dfad9fbed40ed47573e95b82f002c480d472
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-