General
-
Target
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e
-
Size
66KB
-
Sample
221120-hraalsfb5t
-
MD5
2fcc0c2c0e104475700580e913133a48
-
SHA1
930bae36f572962604386b9a08a97e6f1fd89af9
-
SHA256
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e
-
SHA512
afb3327dd2676bd1b945b9f7955c27d5b6d6739c3dafd5388a7314cbc124b93c5799e6b8a2dd7b43edb4d8592469393e1ed42ffb40c8a39b6fe0a30831cb28d2
-
SSDEEP
768:ZP60Z4VLiWjC9Iot1c5nZfHMY5/scnpWoDhTab0AC1qh+6Zvtid6U:YVL/Bote5dP3hTVA95tmd
Static task
static1
Behavioral task
behavioral1
Sample
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://fzqan.ru/
http://omkaa.su/
Targets
-
-
Target
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e
-
Size
66KB
-
MD5
2fcc0c2c0e104475700580e913133a48
-
SHA1
930bae36f572962604386b9a08a97e6f1fd89af9
-
SHA256
fe6151600f1a12d2d48ed26e24ebd704bf42902eb9dbcda8a39f2ffd2ba72e1e
-
SHA512
afb3327dd2676bd1b945b9f7955c27d5b6d6739c3dafd5388a7314cbc124b93c5799e6b8a2dd7b43edb4d8592469393e1ed42ffb40c8a39b6fe0a30831cb28d2
-
SSDEEP
768:ZP60Z4VLiWjC9Iot1c5nZfHMY5/scnpWoDhTab0AC1qh+6Zvtid6U:YVL/Bote5dP3hTVA95tmd
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-