General
Target: a7f5730adbd3dfc5bd50854446d8fb440ab25cff0793d233c4b6159fcda55193
Size: 370KB
Sample: 221124-zyfjmsaa39
MD5: 9c1f64989506534baa4bb6708da3454b
SHA1: 1cb6caa39e3c0a0ed31ab802194ef1a74ffb78bc
SHA256: a7f5730adbd3dfc5bd50854446d8fb440ab25cff0793d233c4b6159fcda55193
SHA512: 82dea0ca426bb20fad0ade636273bb7f012b1479224a84ad0f81fd987a1311596f3fdbde786b3189a545c80de97caeaf8e686da8930ea6bd6b44fa7f4957730f
SSDEEP: 6144:24qN9akB2YCBCCCCCCCr3CCCCvvvwvvvvvdviW0oTV2mKFUK69i/WZ:xIakBNCBCCCCCCCzCCCCvvvwvvvvvdvf
Static task: static1
Behavioral task: behavioral1
  Sample: a7f5730adbd3dfc5bd50854446d8fb440ab25cff0793d233c4b6159fcda55193.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: a7f5730adbd3dfc5bd50854446d8fb440ab25cff0793d233c4b6159fcda55193.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: pony
http://goodwellbeard.biz/nna/Panel/gate.php
http://www.goodwellbeard.biz/nna/Panel/gate.phph
Targets
Target: a7f5730adbd3dfc5bd50854446d8fb440ab25cff0793d233c4b6159fcda55193
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext