General
- Target: 9f20b06fd3a6a4eebd08cb94287d3130N.exe
- Size: 200KB
- Sample: 240731-mnat7atara
- MD5: 9f20b06fd3a6a4eebd08cb94287d3130
- SHA1: 10646ce92dd83d27e161500bd2a2a404c2c010a2
- SHA256: 640b55a360b6487d2082c5368a09a99530ed3c8eca2f9cdbe1aacac2c479b174
- SHA512: b8465695f16f9801e19e1e60435f7301879bc91b0de4a90119340ed7e82fa4f26db063ef8597cdca22c1e58874d5c685657c2c50a92eb833365765943c51a71e
- SSDEEP: 3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIB1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNI1Ljo3c
Behavioral task: behavioral1
- Sample: 9f20b06fd3a6a4eebd08cb94287d3130N.exe
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: 9f20b06fd3a6a4eebd08cb94287d3130N.exe
- Resource: win10v2004-20240730-en
Malware Config
Extracted:
- oski
- edw.hstn.me
Targets
- Target: 9f20b06fd3a6a4eebd08cb94287d3130N.exe
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.