General
-
Target
ffaacbfc950a5177e6af9e87116b54f68adae48ed6fbc48813ac796c48931455
-
Size
127KB
-
Sample
221003-p7xt6sgcf6
-
MD5
4cf2810c93339eed1e27149d5edfe675
-
SHA1
8c3d86b1b4d0280adfb7e375b3cfb4ff2ab324b7
-
SHA256
ffaacbfc950a5177e6af9e87116b54f68adae48ed6fbc48813ac796c48931455
-
SHA512
0575bb5ef0049b0279f4d7bf2a91b0670f73e37df83a4620d4c3206e93546f785fcad81aad22273c06b19848f32f56e69a500b51333d3b41d0678c5fd7109461
-
SSDEEP
3072:Bsvlq7j26JPGVyW+cFlaGcQ8WdcziOuc:Bsvlqn2WuVYK0y
Static task
static1
Behavioral task
behavioral1
Sample
ffaacbfc950a5177e6af9e87116b54f68adae48ed6fbc48813ac796c48931455.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
Targets
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-