General
Target: 94d4a6254deb2682a900f05d6fe81284750882bd3e68a1ca09f346ad86d994ce
Size: 241KB
Sample: 221120-enjhbsad3t
MD5: 02af096d6c0cba4819acca17991657c0
SHA1: e1c5b90e0343ba9ef514ff87b18cc4e4a17d95ad
SHA256: 94d4a6254deb2682a900f05d6fe81284750882bd3e68a1ca09f346ad86d994ce
SHA512: 73ca6ad8d0585327cab2ae8d8f6d35157fe7f00b6db8b81f1d67dffb54048f584ff8622cbd6c7e38419e8a6e8af653b3b03fee04ba8a47792c3eeaccc2b1269d
SSDEEP: 3072:Ey1ic1SdQkWGuZSpsMJF0DqdNRLjYb7Zq87vXu3apAfZ9FVkMnVSRNCmxJCd/OuD:bidN73IZDDUaYIZ3kbr3mp
Static task: static1
Behavioral task: behavioral1
Sample: 94d4a6254deb2682a900f05d6fe81284750882bd3e68a1ca09f346ad86d994ce.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: pony
C2: http://westuae.com/csc/update/kudi/gate.php
payload_url: http://westuae.com/csc/update/kudi/micro.exe
Targets
Target: 94d4a6254deb2682a900f05d6fe81284750882bd3e68a1ca09f346ad86d994ce
Size: 241KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Signatures
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext