General
-
Target
5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2
-
Size
134KB
-
Sample
221120-kkr8yshh2t
-
MD5
03d80087b2482eeddcca6d6500e70663
-
SHA1
e83e0d5482c80fcac66f2fb0f5fb7f84132456e3
-
SHA256
5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2
-
SHA512
1a7ab05e7129c0245f508aead14b2f1bfc537d896ce2b4b9a2426986a0ff98c2911b13e3ed7243bea176c2adad1f9e6a79c7630b5c8190a1b4f6fa573ecf8e9a
-
SSDEEP
3072:RPY1lfhVh2eewf2CaY1qPR9k5c5Jdd/jCi:GCebaRhjn
Static task
static1
Behavioral task
behavioral1
Sample
5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://212.58.20.11:8080/pony/gate.php
http://66.175.220.109/pony/gate.php
-
payload_url
http://fatihfiliz.com.tr/HjcqX.exe
http://www.admirals.ae/j3fwjN.exe
Targets
-
-
Target
5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2
-
Size
134KB
-
MD5
03d80087b2482eeddcca6d6500e70663
-
SHA1
e83e0d5482c80fcac66f2fb0f5fb7f84132456e3
-
SHA256
5e6207cf1bf0fbe1fc7e9ce929a87be740998704539a3450dc5da76298bac2b2
-
SHA512
1a7ab05e7129c0245f508aead14b2f1bfc537d896ce2b4b9a2426986a0ff98c2911b13e3ed7243bea176c2adad1f9e6a79c7630b5c8190a1b4f6fa573ecf8e9a
-
SSDEEP
3072:RPY1lfhVh2eewf2CaY1qPR9k5c5Jdd/jCi:GCebaRhjn
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-