General
Target: IV3090065437.exe
Size: 227KB
Sample: 220322-gsmrnaeec9
MD5: 2962e54654777bac6bf57c28f21a5c9a
SHA1: 0ea996779357de45e85e2e12c3d0ac31cf0fd107
SHA256: 8399c97b606bb6613f99006964a47064e402e6489574b85db7a9872f601886b2
SHA512: 78109e371a89be0a1a81ae8a13fb8749754519001a3e7946cccef34c03bc6ab0a9a6253823445d2f82cc756df55802fb220087970b30ccb436f8f3e272a381ba
Static task: static1
Behavioral task: behavioral1
Sample: IV3090065437.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: IV3090065437.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
oski
tel4s6.xyz
Targets
Target: IV3090065437.exe
Score: 10/10
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.