General
-
Target
c59409eadfc776ab486cde93cdf70a93.exe
-
Size
388KB
-
Sample
220313-w1fqmsbcek
-
MD5
c59409eadfc776ab486cde93cdf70a93
-
SHA1
70eb8d86ab3e128c452b5674ab0597b9183e5ad5
-
SHA256
8ff42d08999e01de0a69872bc8b53e2b037f9d3ba7ddb8b210b3c04bfdcd2c71
-
SHA512
7f009a280314591eb6ae44386da8d46cab5b54d2c3d78d7781437b18c6cfe243952ef07a2943a559af1619585db2f6978d92dae979b0f4ec59b025c7490f296b
Static task
static1
Behavioral task
behavioral1
Sample
c59409eadfc776ab486cde93cdf70a93.exe
Resource
win7-20220311-en
Malware Config
Extracted
oski
http://basig5.xyz
Targets
-
Target
c59409eadfc776ab486cde93cdf70a93.exe
-
Size
388KB
-
MD5
c59409eadfc776ab486cde93cdf70a93
-
SHA1
70eb8d86ab3e128c452b5674ab0597b9183e5ad5
-
SHA256
8ff42d08999e01de0a69872bc8b53e2b037f9d3ba7ddb8b210b3c04bfdcd2c71
-
SHA512
7f009a280314591eb6ae44386da8d46cab5b54d2c3d78d7781437b18c6cfe243952ef07a2943a559af1619585db2f6978d92dae979b0f4ec59b025c7490f296b
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-