General
Target: 6df5cb160227de8c3b5ebdd56b4ff4b4fe978f1eaaae726c896029085ccb864c
Size: 232KB
Sample: 221126-vx8rksbc57
MD5: f1e1abc11ac6a0f666e02016b1c8ca7e
SHA1: 7fd16591584ac3ee810bc6f988c976c302d307cc
SHA256: 6df5cb160227de8c3b5ebdd56b4ff4b4fe978f1eaaae726c896029085ccb864c
SHA512: 3230ddb75730bda1388a2ac4557a73b72c8f5b26adb9fcb7720cd6eb57d4731bf436f2806ca5a8b1ce9ae17879eb32b94797b28c53dd0f1af81d2c0f1ce044ee
SSDEEP: 3072:seKQkxuvz0BDGJZXLw/09PKOfKHUzj7wzvIcWZfUjxlnNnU2S:se/IuvMDGJZXrpfK0zDKns
Static task: static1
Behavioral task: behavioral1
Sample: 6df5cb160227de8c3b5ebdd56b4ff4b4fe978f1eaaae726c896029085ccb864c.exe
Resource: win7-20220901-en
Malware Config
Extracted
pony
http://trash4docs.com/gate.php
http://tumanvmoskalii.com/gate.php
http://titanikvmoskalii.com/gate.php

payload_url
http://servo-maszyny.pl/ADM/utility/tiny_mce/plugins/searchreplace/k1.exe
http://infogranizo.es/wp-content/plugins/feedweb_data/k1.exe
http://www.trangosalt.com/wp-content/k1.exe
http://atolyedunyam.com/wp-content/plugins/feedweb_data/k1.exe
http://machac.net/wp-content/plugins/cached_data/k1.exe
http://uksocascene.com/wp-content/plugins/feedweb_data/k1.exe
Targets
Target: 6df5cb160227de8c3b5ebdd56b4ff4b4fe978f1eaaae726c896029085ccb864c
Size: 232KB
MD5: f1e1abc11ac6a0f666e02016b1c8ca7e
SHA1: 7fd16591584ac3ee810bc6f988c976c302d307cc
SHA256: 6df5cb160227de8c3b5ebdd56b4ff4b4fe978f1eaaae726c896029085ccb864c
SHA512: 3230ddb75730bda1388a2ac4557a73b72c8f5b26adb9fcb7720cd6eb57d4731bf436f2806ca5a8b1ce9ae17879eb32b94797b28c53dd0f1af81d2c0f1ce044ee
SSDEEP: 3072:seKQkxuvz0BDGJZXLw/09PKOfKHUzj7wzvIcWZfUjxlnNnU2S:se/IuvMDGJZXrpfK0zDKns

Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.