Analysis
max time kernel: 61s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-07-2022 21:16
Behavioral task: behavioral1
Sample: b0a671b7efd31ef626581aef4be6af4e3c9a7a840b6959ad66ffee186354f862.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: b0a671b7efd31ef626581aef4be6af4e3c9a7a840b6959ad66ffee186354f862.exe
Resource: win10v2004-20220721-en
General
Target: b0a671b7efd31ef626581aef4be6af4e3c9a7a840b6959ad66ffee186354f862.exe
Size: 557KB
MD5: 885a469df9346a97e0e4dc82a0e5dbe7
SHA1: 0c43af591710b049749428d00f100eeb07db091b
SHA256: b0a671b7efd31ef626581aef4be6af4e3c9a7a840b6959ad66ffee186354f862
SHA512: 51fe933b476da96d36ed57f77433b3f3ff141935428f11ea4b1c87fc558795db8344d0eaa6faf41e7994dd14646306aafd770f429ec70e40f634ddbf4ce82011
Malware Config
Signatures
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 7 ip-api.com