General
Target: 0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
Size: 133KB
Sample: 221128-hakd9acd86
MD5: a7a35312ad78654ca8225c30a88f08c3
SHA1: a1f3c02e9b450218b87b77c3e5880619b4181ef2
SHA256: 0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77
SHA512: 282ff1256956f5461579ed21356f94d0306ee402d6776f533145440cf458d8a609215cb589d570e612eb3453a7f71f0b32f9e5b822bcd3f9ef691e5bd035abca
SSDEEP: 1536:LsFxRlhRvjWvipqAMeUjiS2CoexoLa5QAh0Y2V1fRz94QiyCqf7yeCNiLUC71hH3:LClT3PzSh3Qmb4f59jT6iQC78NulQi
Static task: static1
Behavioral task: behavioral1
Sample: 0bfb189716993ad5137df9eee7fe6407ac2315d30ad7b58e78bfa0350bdfbe77.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://pokontaktu.ru/media/jce/instes/user.php
payload_url: http://semerka.net/design/default/java.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.