General
Target: a989e8f8982eb3edd6684d790b22e48e.exe
Size: 1.3MB
Sample: 211206-n1qa3sdhgn
MD5: a989e8f8982eb3edd6684d790b22e48e
SHA1: d9c024d4b196a282c7748f3c3e592d8248d71d3a
SHA256: 3d67ced8c8394bdc10e76835caea07dee4729e86bc665a970b6e1b5af6c33eaa
SHA512: ffc9118f47286f4579eb19137ebd641f6a5bb6d36266705fb44e29b87bfe0cbd1f8d31e165bddd09bec292a60e78f4e28cbd17d97867f0184707aef0eb1a565e
Static task: static1
Behavioral task: behavioral1
  Sample: a989e8f8982eb3edd6684d790b22e48e.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: a989e8f8982eb3edd6684d790b22e48e.exe
  Resource: win10-en-20211104
Malware Config
Extracted: oski
  oilproduce.xyz
Targets
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext