General
Target: osurx.exe
Size: 20.1MB
Sample: 240505-yvpsgace7y
MD5: 3fcb67a0a6291be47899d929876320bf
SHA1: 2210fc1708fe193911b80a469813effeeaf76203
SHA256: adc1bbfadcc79258c378134dc9f3fb65366df6d7bc81a3e1fe79d3d9d57cdab4
SHA512: 9ba51e490f7bfd32f4edc5ee7ce10abf1d22f4914b64cff8bef22dd9513ada0c5a3c901c94548f24fb812a2d522ad4fda7dab0220d64296587985080fa1f8674
SSDEEP: 393216:KWMzd6T5VDF/mshj0Ob93ZWXqa7V4LCHmr7crNMj:KWMh+5VB/mshHb93ZgR4L0eOMj
Static task: static1
Behavioral task: behavioral1
Sample: osurx.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: osurx.exe
Score: 8/10
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger