General
- Target: b304455ccacad4311f34136a3a2534ee5f26c0ba147e840cea01d6b4f8dfee92
- Size: 290KB
- Sample: 221108-1wx7cacddn
- MD5: 03216ac79bcf1b2827c264068c1bea40
- SHA1: bdf45919077f4173725f07c7505ea682ff68e4e2
- SHA256: b304455ccacad4311f34136a3a2534ee5f26c0ba147e840cea01d6b4f8dfee92
- SHA512: 78518aa12ce37d626fa3937346f926f19782b4c274b0d0d3762e9932a9bbc76ab4e7acee1fe83f6ca688de5827ac9b9b69e888b071fbf0431b3775b4167dcaac
- SSDEEP: 6144:tufBlxbZtkW7Oktr9Q6skojoHgQBSFccvmtk5LZjsHFY:UfBlxbFOkPQP2HqccO0aY
- Static task: static1
- Behavioral task: behavioral1
- Sample: b304455ccacad4311f34136a3a2534ee5f26c0ba147e840cea01d6b4f8dfee92.exe
- Resource: win7-20220901-en
Malware Config
Extracted: pony
- http://www.retetethermomix.ro/wp-includes/fonts/fonts.php
- http://www.sumterswebdesign.com/wp-content/themes/throttle.php
- http://www.schenkdirgesundheit.com/wp-content/plugins/plugins.php
- http://youngswanky.com/wp-includes/pomo/com_jumi.php
- http://www.savingmummy.com.au/wp-content/upgrade/upgrade.php
- http://alejandropawliszyn.com//apweb/wp-adminshortcut.php
- http://ankaraotodoseme.org/wp-includes/fonts/fonts.php
- http://arabicgermany.com/wp-includes/certificates/88nicholasroberts.php
- http://artemis.isolutiontank.com/wp-includes/pomo/i.php
- http://beatcancerinms.com//yahoo_site_admin/credentialspierwsza-pomoc.php
- http://canyonsdelmaresme.cat/wp-content/languages/languages.php
- http://campoflor.com/wp-includes/pomo/Circolari.php
- http://cekharga.ariefew.com/wp-includes/certificates/boredbreak.php
- http://cekharga.ariefew.com/wp-admin/js/arealsoft2.0.php
- http://castleconifer.com/wp-admin/includes/payment.php
- http://christcommunitycogic.org/pwksfmaw/klsjdvbss/th-TH.php
- http://cinema175.com/ecupidthemovie/contact/contact.php
Targets
- Target: b304455ccacad4311f34136a3a2534ee5f26c0ba147e840cea01d6b4f8dfee92
- Size: 290KB
- MD5: 03216ac79bcf1b2827c264068c1bea40
- SHA1: bdf45919077f4173725f07c7505ea682ff68e4e2
- SHA256: b304455ccacad4311f34136a3a2534ee5f26c0ba147e840cea01d6b4f8dfee92
- SHA512: 78518aa12ce37d626fa3937346f926f19782b4c274b0d0d3762e9932a9bbc76ab4e7acee1fe83f6ca688de5827ac9b9b69e888b071fbf0431b3775b4167dcaac
- SSDEEP: 6144:tufBlxbZtkW7Oktr9Q6skojoHgQBSFccvmtk5LZjsHFY:UfBlxbFOkPQP2HqccO0aY
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext