General
Target: C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
Size: 318KB
Sample: 220619-z1573scfar
MD5: 6fbe0d88a13f078bdb6ce169f64cf2d6
SHA1: cafb904a8227f35ca916e1c7b1213ce76b4282b2
SHA256: c9b7cd9594e42b49718c8e4c093ce9bd2e494ab5d11ae6fbe505ce24a5cc3867
SHA512: f7a9123cd0bcf342372c3e3f898ae2be9e0085680092366e1469d888366c96d78e069edb2fee4bb6d578422ee459f6bc436fc85b9018b5d0e0d84efd5835b4bd
Static task: static1
Behavioral task: behavioral1
  Sample: C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
oski
weirdtrendz.com
Targets
Target: C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
Size: 318KB
MD5: 6fbe0d88a13f078bdb6ce169f64cf2d6
SHA1: cafb904a8227f35ca916e1c7b1213ce76b4282b2
SHA256: c9b7cd9594e42b49718c8e4c093ce9bd2e494ab5d11ae6fbe505ce24a5cc3867
SHA512: f7a9123cd0bcf342372c3e3f898ae2be9e0085680092366e1469d888366c96d78e069edb2fee4bb6d578422ee459f6bc436fc85b9018b5d0e0d84efd5835b4bd
Score: 10/10
Signatures:
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext