General
- Target: f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02
- Size: 43KB
- Sample: 221120-hw1ncsca78
- MD5: 463c1c8d7a6cb35dfc809528baab94a6
- SHA1: 428f4a7974215b2f3a1459789f18b6299e7fb5c5
- SHA256: f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02
- SHA512: c6e883acb1094480b68296d4d8a5764519c1edf126d0a25fc4784275b965a92098c5ad2f73a41cb5847a7e15a71c518ef989bbdcf1e6ad597b7112c062e4a55d
- SSDEEP: 768:dX/hVXegqr9jqmDfTPbRdn1PgUrXSobAL8qPP0KOIITYvGwItYdgmDqTCyN:zVXegqr9jqgfTPbR/PgUbSUAZ3LvI0vC
Static task: static1
Behavioral task: behavioral1
- Sample: f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted
pony
- http://149.255.99.32:8080/forum/viewtopic.php
- http://69.163.40.128/forum/viewtopic.php
payload_url
- http://atualizacoes.issqn.net/FhPD.exe
- http://rampazzo.com.br/mbhyAkQ.exe
- http://homeringer.com/tWEkgm.exe
Targets
- Target: f33ca29027d6921293a118cab8eec15ba9bad918e568f7f1b01a256036472b02
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext