General
Target: 46f18ac611cd974116aa94b4fb45343dcd727d9d07d95b12f32f4033fc66c8ad
Size: 187KB
Sample: 220714-j587jaebep
MD5: e00c36be7554448aaddde4ad7592709f
SHA1: b43d3a5867117265d44ceda4c703051024e80588
SHA256: 46f18ac611cd974116aa94b4fb45343dcd727d9d07d95b12f32f4033fc66c8ad
SHA512: 2b4e6ebc09ce19023f95523e963f121b7feacca89207fb4cc49801afae0df741965212c3cc2d06d0130c03b45dc0238f50a1115fdbafcb6c2603787c8a69fbc3
Static task: static1
Behavioral task: behavioral1
Sample: 46f18ac611cd974116aa94b4fb45343dcd727d9d07d95b12f32f4033fc66c8ad.exe
Resource: win7-20220414-en
Malware Config
Extracted: pony
http://www.p2kings.ga/p2/gate.php
Extracted: sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
Target: 46f18ac611cd974116aa94b4fb45343dcd727d9d07d95b12f32f4033fc66c8ad
- Modifies firewall policy service
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.