General
-
Target
79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0
-
Size
1MB
-
Sample
211206-cb1jzadbep
-
MD5
83437762e281a39dd2e3d24a77bed412
-
SHA1
c818383759ac632ba7b418e3a830d0a9e90b7cbb
-
SHA256
79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0
-
SHA512
e0edffaa9b1d221e8210c9078ce8e3fa72ece476d87d01bb9d998924e718be65546717f3cf08e65d514b3069b2bbb2e6854469ac837df31866a92e9919643d77
Static task
static1
Malware Config
Extracted
oski
swsaseguranca.com.br
Targets
-
-
Target
79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0
-
Size
1MB
-
MD5
83437762e281a39dd2e3d24a77bed412
-
SHA1
c818383759ac632ba7b418e3a830d0a9e90b7cbb
-
SHA256
79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0
-
SHA512
e0edffaa9b1d221e8210c9078ce8e3fa72ece476d87d01bb9d998924e718be65546717f3cf08e65d514b3069b2bbb2e6854469ac837df31866a92e9919643d77
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-