General

Target: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b
Size: 69KB
Sample: 221108-1rdxxacbcj
MD5: 019e347995ee952d214d24d452228201
SHA1: 72606f9e76518c08c483a95de950147eb316bf77
SHA256: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b
SHA512: ed5146b83beb884b89c7c669a87d98b4ff19869cc4c0e51db883ab7dc7b42ed81b8c980b92f5edaf558a5809b28a1b6ec0a141ede5981701b276869f05935c85
SSDEEP: 768:j4AF1RAuIGGfhI8MC7xu4xe+SDorpoQbu20no95Hu+1cb/8G8i5iADg:MIRAufGq8z7xuW3SephMn+1cT8DMiag
Static task: static1

Behavioral task: behavioral1
Sample: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: pony
- http://mmbild.se/mary/r1.php
- http://plndigital.org/r1.php

payload_url:
- http://heelveelverdienen.nl/tmp/file1.exe
- http://heelveelverdienen.nl/tmp/file2.exe
- http://willingen-schwalefeld.nl/tmp/file1.exe
- http://willingen-schwalefeld.nl/tmp/file2.exe
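The extracted config above is the most actionable part of this report: the two URLs listed directly under the pony entry are treated here as the stealer's check-in (gate) URLs, and the payload_url entries are the second-stage binaries it fetches. The script below is an added example, not part of the sandbox report or the Triage tooling. It turns those URLs into exact (host, path) indicators, defangs them for a ticket, and runs them over web-proxy log lines. The log format and every log line are constructed for illustration; only the URLs come from the report.

```python
"""Added example: network IOCs from the Pony config above, matched against
constructed proxy log lines. URLs are from the report; log lines are made up."""
import re
from urllib.parse import urlparse

# Gate (check-in) URLs printed under the "pony" config entry in the report.
C2_URLS = [
    "http://mmbild.se/mary/r1.php",
    "http://plndigital.org/r1.php",
]
# Second-stage binaries listed under "payload_url" in the report.
PAYLOAD_URLS = [
    "http://heelveelverdienen.nl/tmp/file1.exe",
    "http://heelveelverdienen.nl/tmp/file2.exe",
    "http://willingen-schwalefeld.nl/tmp/file1.exe",
    "http://willingen-schwalefeld.nl/tmp/file2.exe",
]

# Constructed proxy log lines (assumed format: "<ts> <client> <METHOD> <url> <status>").
LOG_LINES = [
    "2022-11-08T10:01:02Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2022-11-08T10:01:09Z 10.0.0.12 POST http://mmbild.se/mary/r1.php 200",
    "2022-11-08T10:01:10Z 10.0.0.12 GET http://heelveelverdienen.nl/tmp/file1.exe 200",
    "2022-11-08T10:02:44Z 10.0.0.34 GET http://plndigital.org/about.html 404",
    "2022-11-08T10:03:00Z 10.0.0.34 POST HTTP://PLNDIGITAL.ORG/r1.php?x=1 200",
    "this line is not in the expected format and must be skipped, not crash",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def iocs(urls):
    """Exact (host, path) pairs; host lower-cased, query string ignored."""
    return {(urlparse(u).hostname.lower(), urlparse(u).path) for u in urls}


def defang(url):
    """Render a URL so it cannot be clicked: http -> hxxp, dots in host -> [.]."""
    p = urlparse(url)  # urlparse lower-cases scheme and hostname for us
    host = p.hostname.replace(".", "[.]")
    query = f"?{p.query}" if p.query else ""
    return f"hxx{p.scheme[3:]}://{host}{p.path}{query}"


def scan(lines, c2=C2_URLS, payloads=PAYLOAD_URLS):
    """Return one hit dict per log line that touches a C2 gate, a payload URL,
    or any other path on a C2 host (weaker signal, still worth a look)."""
    c2_pairs, payload_pairs = iocs(c2), iocs(payloads)
    c2_hosts = {host for host, _ in c2_pairs}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unknown format: skip rather than abort the whole scan
        p = urlparse(m["url"])
        key = ((p.hostname or "").lower(), p.path)
        if key in c2_pairs:
            kind = "c2_gate"
        elif key in payload_pairs:
            kind = "payload_download"
        elif key[0] in c2_hosts:
            kind = "c2_host_other_path"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "method": m["method"],
                     "kind": kind, "url": defang(m["url"])})
    return hits


if __name__ == "__main__":
    for hit in scan(LOG_LINES):
        print(hit)
```

Match on host plus path rather than domain alone: the report does not say whether these .se/.nl/.org hosts are attacker-registered or compromised legitimate sites, and the path-level match keeps the c2_gate and payload_download hits high-confidence while host-only traffic is surfaced separately for triage.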
Targets

Target: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b
Size: 69KB
MD5: 019e347995ee952d214d24d452228201
SHA1: 72606f9e76518c08c483a95de950147eb316bf77
SHA256: bbd5e3ee5f40c95704898fbc509e9841b4a366c0cb32fded95207ee25606848b
SHA512: ed5146b83beb884b89c7c669a87d98b4ff19869cc4c0e51db883ab7dc7b42ed81b8c980b92f5edaf558a5809b28a1b6ec0a141ede5981701b276869f05935c85
SSDEEP: 768:j4AF1RAuIGGfhI8MC7xu4xe+SDorpoQbu20no95Hu+1cb/8G8i5iADg:MIRAufGq8z7xuW3SephMn+1cT8DMiag
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext