General
-
Target
45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d
-
Size
158KB
-
Sample
221002-qyahyshbc2
-
MD5
464f5bda5188d9af5bad6cbd641249f0
-
SHA1
1ec7a356f2d45f4b531b0ba1e16ff2516e441ecf
-
SHA256
45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d
-
SHA512
075ace73f2d5d052bd570a5e3ddda8fbb8d4fb2b48b2b6c8701c98857d930e360fc710282d3ee7d1ae4d29b4c2c4cfb571211b334635cf54962f8c65c9650fb0
-
SSDEEP
3072:t2TjsXe8kZ2hUlv8t/PPOrUlphVtZY8r70IouNqUzNDW69v7SO:YHsXNa2f/PdlBLYPI7Nvzd9zb
Static task
static1
Behavioral task
behavioral1
Sample
45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://www.bing.com/gate.php
http://pages.ebay.com/gate.php
http://ngnetworld.com/gate.php
http://wordpress.com/gate.php
http://simple-cdn-node.com/gate.php
http://www.microsoft.com/gate.php
http://ngnetworld.com/1.exe?c=4
-
payload_url
http://ngnetworld.com/6.exe
Targets
-
-
Target
45990a960a138c30a7d38a9ddedc3d29f19ebf67f3686fd0e41e0cb4d0ef751d
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-