General
-
Target
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f
-
Size
305KB
-
Sample
221126-rw1sssdh6t
-
MD5
2c62199a2ae1feeaf3a2142f907e48d6
-
SHA1
fb80ff63ca73ed7cbc88bccbcda782e4e7f7cef1
-
SHA256
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f
-
SHA512
4e34fb4d4495cc3eba646fb10fb49911f1b0b6893de6033e1ae9b7e2ffcfd0b530afaf09228b886d028f753c41418813a23b5250bbf9dfc5e57a2f5a38f7f90e
-
SSDEEP
6144:Li9xBUhInhV8dI9oibf+beynQpFhfx3+D4I1ncrsUD+cCWyM/TnxeVUv:LmsKnhV8u35yncxuD4I1ncrsUD+cCWXt
Static task
static1
Behavioral task
behavioral1
Sample
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://kalakwaoo.in/moto/Panel/gate.php
-
payload_url
http://www.celitel-rf.ru/moto.exe
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f
-
Size
305KB
-
MD5
2c62199a2ae1feeaf3a2142f907e48d6
-
SHA1
fb80ff63ca73ed7cbc88bccbcda782e4e7f7cef1
-
SHA256
6965f10e12ad7779847e9aa75faa2f9b967e9ff71709a7c3c0733ef3d299bd8f
-
SHA512
4e34fb4d4495cc3eba646fb10fb49911f1b0b6893de6033e1ae9b7e2ffcfd0b530afaf09228b886d028f753c41418813a23b5250bbf9dfc5e57a2f5a38f7f90e
-
SSDEEP
6144:Li9xBUhInhV8dI9oibf+beynQpFhfx3+D4I1ncrsUD+cCWyM/TnxeVUv:LmsKnhV8u35yncxuD4I1ncrsUD+cCWXt
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Deletes itself
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-