General
-
Target
statement.doc
-
Size
15KB
-
Sample
211207-nke56sghfn
-
MD5
e6f108d6d7cf1d0e0c4fd34c5bc1f42e
-
SHA1
938c44cedd8b1a15f69448a5c4c7790a3bff8426
-
SHA256
ce6e03397d462d0a91e4a87e343c1b85d1578e4d1ca492c183f3d1b38e8bf9b2
-
SHA512
b17b52e8ba0c4f9f9d1d23693ba8d9e22dbfee21c0ef0285b2fe8c3432cb3aaeb21600da1fdbca87fb092ac829f2a14e2c77985a6032a48963b730811e0c313c
Static task
static1
Behavioral task
behavioral1
Sample
statement.doc
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
statement.doc
Resource
win10-en-20211014
Malware Config
Extracted
oski
oilproduce.xyz
Targets
Target
statement.doc
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-