General
Target: 5c40517b3b632caf07cb45afa5aa1140
Size: 1.0MB
Sample: 211207-p74byscbg9
MD5: 5c40517b3b632caf07cb45afa5aa1140
SHA1: 767c28385881fdc01b43b730aa50168f23d934f9
SHA256: 2e6bebcaaa746b7ab28bf74c49dc0b92b88f564f5b05d6cc414ea1d4aa5f10d4
SHA512: 049ad3a0c2b806a6ce30e64bf4fb8d0f77adf208b7eca9c80579e9d25faa464981eb2c6631ca93955962c36a3c6f40cb1f20d3ed542f994d02ce85d3d3af4713
Static task: static1
Behavioral task: behavioral1
Sample: 5c40517b3b632caf07cb45afa5aa1140.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 5c40517b3b632caf07cb45afa5aa1140.exe
Resource: win10-en-20211014
Malware Config
Extracted
oski
oilproduce.xyz
Targets
Target: 5c40517b3b632caf07cb45afa5aa1140
Size: 1.0MB
MD5: 5c40517b3b632caf07cb45afa5aa1140
SHA1: 767c28385881fdc01b43b730aa50168f23d934f9
SHA256: 2e6bebcaaa746b7ab28bf74c49dc0b92b88f564f5b05d6cc414ea1d4aa5f10d4
SHA512: 049ad3a0c2b806a6ce30e64bf4fb8d0f77adf208b7eca9c80579e9d25faa464981eb2c6631ca93955962c36a3c6f40cb1f20d3ed542f994d02ce85d3d3af4713
Score: 10/10
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext