General
Target: 9d0608b76d79caaca5a3c125297f8d963788266880a55985b69d3ad95d8d6f20
Size: 128KB
Sample: 221124-1hxcwsbc45
MD5: 3628ac64f60118069c804677db0c3915
SHA1: fd41484447660c88a165f3efc95a122ff465f164
SHA256: 9d0608b76d79caaca5a3c125297f8d963788266880a55985b69d3ad95d8d6f20
SHA512: 1a0cb8fe4c8d90041182b344ae264163e12949aa74da3c84afc5b7b12a80156d5710a75c416668926cc58e96f23f81d7284af7330307490929c9672f49d2b059
SSDEEP: 3072:0Y4pfrdn0ugiTzZE4TYKkFqyZAt37+KVBTBJePyyi6:v4pfrdnTRT9DyZc3BVBTfePyyi
Static task: static1
Behavioral task: behavioral1
Sample: 9d0608b76d79caaca5a3c125297f8d963788266880a55985b69d3ad95d8d6f20.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 9d0608b76d79caaca5a3c125297f8d963788266880a55985b69d3ad95d8d6f20.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
http://energypowerhealing.com/krc/blue/gate.php
Targets
Target: 9d0608b76d79caaca5a3c125297f8d963788266880a55985b69d3ad95d8d6f20
Size: 128KB
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext