General
-
Target
e4820b254561aa3bb8e09f8f90e6a55e221c484629c8c6a6930735e0c07f685d
-
Size
422KB
-
Sample
221128-mwjr3ach2z
-
MD5
917b7f2fec2ed6fa106213c6b668bccd
-
SHA1
17a746e62d6687d466601b5da4b48f6fa4c7739f
-
SHA256
e4820b254561aa3bb8e09f8f90e6a55e221c484629c8c6a6930735e0c07f685d
-
SHA512
225a90f40a72b5553285f330062e7e875f1997b8a51064ba0d0f2588a03c3222d288bfcda517d71ee4265cad2e7b1b677afad3ce2aa100b54b7a34ecceb8f6d2
-
SSDEEP
6144:MvoIIoCaSmGg4FINmkQqxMV0E6rn2dODz4kw92PER/4osZU63:MvoIIoC+0FINmkQqxu4rn2sO8u/4RZt
Static task
static1
Behavioral task
behavioral1
Sample
e4820b254561aa3bb8e09f8f90e6a55e221c484629c8c6a6930735e0c07f685d.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://moskalvtumane.com/gate.php
http://podvigtitanika.com/gate.php
http://formaterdocstras.com/gate.php
-
payload_url
http://mechgag.com/wp-content/plugins/feedweb_data/k1.exe
http://moto.com.pl/components/com_content/views/category/tmpl/k1.exe
http://tabelacozumleri.com/wp-content/plugins/feedweb_data/k1.exe
http://rzpkoszalin.pl/images/k1.exe
http://gigsab.se/wp-content/plugins/feedweb_data/k1.exe
http://tefaltanwebs.com/wp-content/plugins/feedweb_data/k1.exe
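To turn the extracted configuration above into something a SOC can act on, the following is an added example; it is not part of the sandbox report and not Pony's own code. It normalizes the gate and payload URLs from the config into host/path indicators and matches them against a few constructed proxy log lines. The log format (timestamp, client IP, method, URL, status) is an assumption made for the example. The separate "check-in" tag for a POST to a gate reflects Pony's documented habit of submitting harvested credentials to gate.php by HTTP POST, which the report itself does not state.

```python
"""Match proxy log lines against the Pony indicators extracted in the report above.

Added example, not part of the sandbox report. Log format is assumed.
"""
from urllib.parse import urlparse

# Indicators copied verbatim from the extracted Pony config on this page.
C2_GATES = [
    "http://moskalvtumane.com/gate.php",
    "http://podvigtitanika.com/gate.php",
    "http://formaterdocstras.com/gate.php",
]
PAYLOAD_URLS = [
    "http://mechgag.com/wp-content/plugins/feedweb_data/k1.exe",
    "http://moto.com.pl/components/com_content/views/category/tmpl/k1.exe",
    "http://tabelacozumleri.com/wp-content/plugins/feedweb_data/k1.exe",
    "http://rzpkoszalin.pl/images/k1.exe",
    "http://gigsab.se/wp-content/plugins/feedweb_data/k1.exe",
    "http://tefaltanwebs.com/wp-content/plugins/feedweb_data/k1.exe",
]


def normalize(url):
    """Return (host, path), lowercased, ignoring scheme, port and query string,
    so that http://Host:80/gate.php?id=1 still matches the extracted indicator."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower().rstrip(".")
    path = parsed.path or "/"
    return host, path


def build_indicators():
    """Map (host, path) -> tag for every URL in the extracted config."""
    indicators = {}
    for url in C2_GATES:
        indicators[normalize(url)] = "pony-c2-gate"
    for url in PAYLOAD_URLS:
        indicators[normalize(url)] = "pony-payload-download"
    return indicators


INDICATORS = build_indicators()
KNOWN_HOSTS = {host for host, _ in INDICATORS}


def classify(method, url):
    """Return a tag for a request, or None if it does not touch the config's infrastructure."""
    host, path = normalize(url)
    tag = INDICATORS.get((host, path))
    # Pony submits harvested credentials to its gate with an HTTP POST
    # (family behaviour, not stated in the report), so a POST is the strongest signal.
    if tag == "pony-c2-gate" and method.upper() == "POST":
        return "pony-c2-checkin"
    if tag:
        return tag
    # Same host but a different path: lower confidence, still worth surfacing.
    if host in KNOWN_HOSTS:
        return "pony-host-only"
    return None


# Constructed sample log (assumed format: timestamp client method url status).
SAMPLE_LOG = """\
2022-11-28T10:01:02Z 10.0.0.12 GET http://mechgag.com/wp-content/plugins/feedweb_data/k1.exe 200
2022-11-28T10:01:09Z 10.0.0.12 POST http://moskalvtumane.com/gate.php 200
2022-11-28T10:01:10Z 10.0.0.12 GET http://podvigtitanika.com/favicon.ico 404
2022-11-28T10:02:00Z 10.0.0.33 GET http://example.com/index.html 200
"""


def scan_log(text):
    """Scan log lines and return one hit record per line that matches an indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line; skip rather than crash mid-scan
        _ts, client, method, url = parts[:4]
        tag = classify(method, url)
        if tag:
            hits.append({"line": lineno, "client": client,
                         "host": normalize(url)[0], "tag": tag})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} -> {hit['host']} [{hit['tag']}]")
```

Matching on host plus path rather than on the full string keeps the check robust to port numbers, mixed case and appended query strings; the host-only fallback exists because a compromised WordPress or Joomla site hosting k1.exe is usually otherwise benign, so that tier should be reviewed rather than blocked outright.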
Targets
-
Target
e4820b254561aa3bb8e09f8f90e6a55e221c484629c8c6a6930735e0c07f685d
-
Size
422KB
-
MD5
917b7f2fec2ed6fa106213c6b668bccd
-
SHA1
17a746e62d6687d466601b5da4b48f6fa4c7739f
-
SHA256
e4820b254561aa3bb8e09f8f90e6a55e221c484629c8c6a6930735e0c07f685d
-
SHA512
225a90f40a72b5553285f330062e7e875f1997b8a51064ba0d0f2588a03c3222d288bfcda517d71ee4265cad2e7b1b677afad3ce2aa100b54b7a34ecceb8f6d2
-
SSDEEP
6144:MvoIIoCaSmGg4FINmkQqxMV0E6rn2dODz4kw92PER/4osZU63:MvoIIoC+0FINmkQqxu4rn2sO8u/4RZt
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and the per-user copy under HKCU) to enumerate the software installed on the system.
-