General
- Target: c5a48a8322d05e088c6f64872d87a02108e739497dd70176ab2fc4e894842910
- Size: 235KB
- Sample: 221001-16j3gababn
- MD5: 782bf83934e23b701fe82e2758bd3270
- SHA1: a12f64aef769958101bda0370a8fb7065ee46a06
- SHA256: c5a48a8322d05e088c6f64872d87a02108e739497dd70176ab2fc4e894842910
- SHA512: 3524622fe8e7ee606d7638efdfc6b8d9ffce3c56d16fafb84586fe710a52f2ed99b06d8e360d1bd1222489a18e991f0528fb5e6409a1bb5c9d279f15604d76d0
- SSDEEP: 3072:CeNVOhiPoML3O07vuzaeVYPQaXhQB07Uxri+4/7u5BChYiABdVLZrWMXDDu5ofKj:nOhWLluOeweBxW+4/7uyhYpXp3hK
Static task: static1
Behavioral task: behavioral1
- Sample: c5a48a8322d05e088c6f64872d87a02108e739497dd70176ab2fc4e894842910.exe
- Resource: win7-20220812-en

Malware Config
Extracted: pony
http://www.retetethermomix.ro/wp-includes/fonts/fonts.php
http://www.sumterswebdesign.com/wp-content/themes/throttle.php
http://www.schenkdirgesundheit.com/wp-content/plugins/plugins.php
http://youngswanky.com/wp-includes/pomo/com_jumi.php
http://www.savingmummy.com.au/wp-content/upgrade/upgrade.php
http://alejandropawliszyn.com//apweb/wp-adminshortcut.php
http://ankaraotodoseme.org/wp-includes/fonts/fonts.php
http://arabicgermany.com/wp-includes/certificates/88nicholasroberts.php
http://artemis.isolutiontank.com/wp-includes/pomo/i.php
http://beatcancerinms.com//yahoo_site_admin/credentialspierwsza-pomoc.php
http://canyonsdelmaresme.cat/wp-content/languages/languages.php
http://campoflor.com/wp-includes/pomo/Circolari.php
http://cekharga.ariefew.com/wp-includes/certificates/boredbreak.php
http://cekharga.ariefew.com/wp-admin/js/arealsoft2.0.php
http://castleconifer.com/wp-admin/includes/payment.php
http://christcommunitycogic.org/pwksfmaw/klsjdvbss/th-TH.php
http://cinema175.com/ecupidthemovie/contact/contact.php
Targets
- Target: c5a48a8322d05e088c6f64872d87a02108e739497dd70176ab2fc4e894842910
  - Size: 235KB
  - MD5: 782bf83934e23b701fe82e2758bd3270
  - SHA1: a12f64aef769958101bda0370a8fb7065ee46a06
  - SHA256: c5a48a8322d05e088c6f64872d87a02108e739497dd70176ab2fc4e894842910
  - SHA512: 3524622fe8e7ee606d7638efdfc6b8d9ffce3c56d16fafb84586fe710a52f2ed99b06d8e360d1bd1222489a18e991f0528fb5e6409a1bb5c9d279f15604d76d0
  - SSDEEP: 3072:CeNVOhiPoML3O07vuzaeVYPQaXhQB07Uxri+4/7u5BChYiABdVLZrWMXDDu5ofKj:nOhWLluOeweBxW+4/7uyhYpXp3hK
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext