General
- Target: a88909603282ae6a89cc2fd892877d376e7e5bf68a803bf72c04737cfbc59639
- Size: 132KB
- Sample: 221108-142vhabbb7
- MD5: 0998545bc90bde52893d12dffe7dd424
- SHA1: db0fc7f49a33cbc550372cc6b37c418bbfe3f9c4
- SHA256: a88909603282ae6a89cc2fd892877d376e7e5bf68a803bf72c04737cfbc59639
- SHA512: 3ad86dc29b222f3f92fe5d4b411422e83c176f5b1935022e8342800cb3a31f8fd703189580e0173eb6c5a1e589c50f2cc7cfb1477e8490c872364f5ce6a8499d
- SSDEEP: 3072:DfbmUkNmOJ5Qygjdjop3QQf/WbLnEwVSim0AfBP:jb/k7a5jo17/WXnDSimRJ
Static task
- static1
Behavioral task
- behavioral1
- Sample: a88909603282ae6a89cc2fd892877d376e7e5bf68a803bf72c04737cfbc59639.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- pony
  http://67.215.225.205:8080/ponyd/gate.php
  http://74.207.232.161/ponyd/gate.php
- payload_url:
  http://res.streetammo.com/SwoBrJYg/oEbZ.exe
  http://abo.gnumerica.org/oSZx1Nko/eZPX.exe
Targets
- Target: a88909603282ae6a89cc2fd892877d376e7e5bf68a803bf72c04737cfbc59639
- Size: 132KB
- MD5: 0998545bc90bde52893d12dffe7dd424
- SHA1: db0fc7f49a33cbc550372cc6b37c418bbfe3f9c4
- SHA256: a88909603282ae6a89cc2fd892877d376e7e5bf68a803bf72c04737cfbc59639
- SHA512: 3ad86dc29b222f3f92fe5d4b411422e83c176f5b1935022e8342800cb3a31f8fd703189580e0173eb6c5a1e589c50f2cc7cfb1477e8490c872364f5ce6a8499d
- SSDEEP: 3072:DfbmUkNmOJ5Qygjdjop3QQf/WbLnEwVSim0AfBP:jb/k7a5jo17/WXnDSimRJ
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext