General
Target: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8
Size: 87KB
Sample: 221108-16v5qsbbh3
MD5: 0d0f8cba4a34a7cd0c5d3a80a9777e32
SHA1: 83fb3353ce22156d6214b0ac837ede6076d7facf
SHA256: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8
SHA512: e80df65af5b761ea9bb5b665f2997626896cd6f58f696a70eb9fdab8356f70fe2f66b13ec0a8920155b8e05d667f79f6d49573e241cccd022e78f1fc47a4481b
SSDEEP: 768:75UxQ1ZrSQbz5W5xPZBETCnGDMtdUrYkcbx8soxVgpXKP9/jPff2vxBk:EQ1NSAoxPMCGMd2YxxsxV6XyDev7k
Static task: static1
Behavioral task: behavioral1
Sample: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
pony
http://cccth.ru/
http://sclko.su/
payload_url:
http://jyblr.ru/f/sc.exe
http://jyblr.ru/f/pkc.exe
http://jyblr.ru/f/skc.exe
Targets
Target: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8
Size: 87KB
MD5: 0d0f8cba4a34a7cd0c5d3a80a9777e32
SHA1: 83fb3353ce22156d6214b0ac837ede6076d7facf
SHA256: a61334ec36977bd7c6942e2faa8a2a2a146624a3b10a2640c91b389ec9921ff8
SHA512: e80df65af5b761ea9bb5b665f2997626896cd6f58f696a70eb9fdab8356f70fe2f66b13ec0a8920155b8e05d667f79f6d49573e241cccd022e78f1fc47a4481b
SSDEEP: 768:75UxQ1ZrSQbz5W5xPZBETCnGDMtdUrYkcbx8soxVgpXKP9/jPff2vxBk:EQ1NSAoxPMCGMd2YxxsxV6XyDev7k
Deletes itself
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext