General
Target: ac167ff3fd93263b2659588a2cb8249c11e6874cda9d4c7fda1b36c98f563923
Size: 556KB
Sample: 221124-zqpgkshe53
MD5: b932f63f15f87d309cd027c21518e8c4
SHA1: dacb1dad55ff6cd1819be0c467465f12fb473631
SHA256: ac167ff3fd93263b2659588a2cb8249c11e6874cda9d4c7fda1b36c98f563923
SHA512: da11aa7faba674481157223237599ed24e065739aac93a19b8e5ece3b83425eecc678c034d2184c4bc8505cf5510d6b6cd3789dc834ec663438750285cbd883e
SSDEEP: 6144:wYvQ3CJ0eel1vWjLu7ioQxI3F6GlSAvHiCqSPH2RLnVUFmLRfPoYt:GCJ0eU9oLu7ioQxIZ2nVUCoU
Static task: static1
Behavioral task: behavioral1
Sample: ac167ff3fd93263b2659588a2cb8249c11e6874cda9d4c7fda1b36c98f563923.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://clarankem.allalla.com/gate.php
payload_url: http://clarankem.allalla.com/shit.exe
Targets
- Executes dropped EXE
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext