General
- Target: ac2a327b1fe8922b6385c5947a191dcf890321a5832c6bdecb3da8d84038143a
- Size: 103KB
- Sample: 221126-k24cjsfg74
- MD5: e6d41215f7f5d61e7a088e6e3f2cef57
- SHA1: 04c8890e1e8d488e451eadb707d538ed8aaad312
- SHA256: ac2a327b1fe8922b6385c5947a191dcf890321a5832c6bdecb3da8d84038143a
- SHA512: ebea1b6ff92b80671b42a16e8de3d6b5715e83733aef56c9bc93b58ec66d6313b9eea96d9c648161574618898ab9eee6efed0a0803ea5891f9ef0d6548563a78
- SSDEEP: 3072:7fSw/ZxLsQMer0vwsGrjL4WMQpe4RlTQXj:bSw/HIrojL4WbpPlkX
Static task: static1
Behavioral task: behavioral1
- Sample: ac2a327b1fe8922b6385c5947a191dcf890321a5832c6bdecb3da8d84038143a.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- pony
- http://neradio.ru/libraries/joomla/session/user.php
- payload_url: http://bontravel.com.ua/wp-includes/pomo/update.exe
Targets
- Target: ac2a327b1fe8922b6385c5947a191dcf890321a5832c6bdecb3da8d84038143a
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.