General
-
Target
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf.exe
-
Size
1.2MB
-
Sample
240821-nfdrjsvhka
-
MD5
c361fe1dc05f5d90c1ce35e0d49b6338
-
SHA1
267aac6007a22ca4c17eabbfe4c71f3194b181d6
-
SHA256
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf
-
SHA512
a1f7a311e03af563d43a2f2d3820d6ac690c99f0edd0ae935df2018205b6e970d14017dd043fd22bc24e956ea483a21116fa1e5b5be4152d3d266a51b9c9d55e
-
SSDEEP
24576:qQ+JBjAObi4M2rIDTU4fmj6J/d5nTWzim9W7akhWFhepaLSbK:qQGBfbiyrIDovj6l+59W7aApat
Static task
static1
Behavioral task
behavioral1
Sample
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
oski
45.141.84.184
Targets
-
-
Target
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf.exe
-
Size
1.2MB
-
MD5
c361fe1dc05f5d90c1ce35e0d49b6338
-
SHA1
267aac6007a22ca4c17eabbfe4c71f3194b181d6
-
SHA256
e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf
-
SHA512
a1f7a311e03af563d43a2f2d3820d6ac690c99f0edd0ae935df2018205b6e970d14017dd043fd22bc24e956ea483a21116fa1e5b5be4152d3d266a51b9c9d55e
-
SSDEEP
24576:qQ+JBjAObi4M2rIDTU4fmj6J/d5nTWzim9W7akhWFhepaLSbK:qQGBfbiyrIDovj6l+59W7aApat
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Deobfuscate/Decode Files or Information
1Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1