General
-
Target
b23d34467dc531af94893450e0b8035a8747f3d7fb86519a419ed9c7388bb603
-
Size
959KB
-
Sample
221125-m8vp4afh3t
-
MD5
a7b3d8bf5e1016eb03af417e28b3405a
-
SHA1
865a61dfc45a5ed708106055de5ff19a76349d2d
-
SHA256
b23d34467dc531af94893450e0b8035a8747f3d7fb86519a419ed9c7388bb603
-
SHA512
cb1a3e3f3b6f1a9cf9fd2e2bb0f7f04923289708b717979f31967a32f4715eff8d90bb1b624a40e1f27e83240071cd2540df41c56e2b9bd335d8037fad699bec
-
SSDEEP
12288:G1uKSavywZ8oPEVzTEnUycspBKugd7uDjde1sKcilllPqwHiZEIUbWSDz45ohOk5:GMKS6ywZHDp6dge1sKgwHMExe53ckq
Static task
static1
Behavioral task
behavioral1
Sample
b23d34467dc531af94893450e0b8035a8747f3d7fb86519a419ed9c7388bb603.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://eileen.3eeweb.com/1/1/gate.php
Targets
-
Target
b23d34467dc531af94893450e0b8035a8747f3d7fb86519a419ed9c7388bb603
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofencing check before the payload runs.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
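The signature list above is the sandbox's verdict, not something a responder can re-run. The following is an added example, not part of the report or of the sandbox's own detection logic: a small Python matcher that maps simplified dynamic-analysis events to the report's signature names and reports which signatures a given run did not reproduce. The event format (kind|process|detail), the sample telemetry, the registry paths, the IP-lookup hostnames and the Outlook account GUID used in each rule are my assumptions about what each signature fires on; only the signature names and the Pony gate URL come from the report.

```python
"""Map constructed sandbox-style events to the behavioral signatures listed in the report."""
import re

# C2 gate URL extracted from the Pony configuration in the report.
PONY_GATE = "http://eileen.3eeweb.com/1/1/gate.php"

# Behavioral signature names as they appear in the report.
REPORT_SIGNATURES = [
    "Executes dropped EXE",
    "Checks computer location settings",
    "Loads dropped DLL",
    "Uses the VBS compiler for execution",
    "Accesses Microsoft Outlook accounts",
    "Accesses Microsoft Outlook profiles",
    "Checks installed software on the system",
    "Looks up external IP address via web service",
    "Suspicious use of SetThreadContext",
]

# Stateless rules: (signature name, event kind, case-insensitive regex on the detail).
# The registry paths, hostnames and GUID are assumptions, not text from the report.
RULES = [
    ("Checks computer location settings", "reg_query",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "reg_enum",
     r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"),
    ("Accesses Microsoft Outlook accounts", "reg_query",
     r"\\9375CFF0413111d3B88A00104B2A6676"),
    ("Accesses Microsoft Outlook profiles", "reg_query",
     r"\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles"),
    ("Uses the VBS compiler for execution", "proc_create",
     r"\\vbc\.exe$"),
    ("Looks up external IP address via web service", "http_request",
     r"https?://(api\.ipify\.org|ipinfo\.io|checkip\.dyndns\.org|ip-api\.com)\b"),
    ("Suspicious use of SetThreadContext", "api_call",
     r"^SetThreadContext$"),
    ("Pony C2 check-in", "http_request",
     r"^POST " + re.escape(PONY_GATE) + r"$"),
]

# Constructed telemetry for a hypothetical run; one "kind|process|detail" event per line.
SAMPLE_EVENTS = r"""
reg_query|sample.exe|HKCU\Control Panel\International\Geo\Nation
reg_enum|sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
file_write|sample.exe|C:\Users\Admin\AppData\Local\Temp\drop.exe
file_write|sample.exe|C:\Users\Admin\AppData\Local\Temp\helper.dll
proc_create|sample.exe|C:\Users\Admin\AppData\Local\Temp\drop.exe
image_load|drop.exe|C:\Users\Admin\AppData\Local\Temp\helper.dll
proc_create|drop.exe|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
api_call|drop.exe|SetThreadContext
reg_query|vbc.exe|HKCU\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
reg_query|vbc.exe|HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
http_request|vbc.exe|GET http://api.ipify.org/
http_request|vbc.exe|POST http://eileen.3eeweb.com/1/1/gate.php
reg_query|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
"""


def parse_events(text):
    """Split the event text into (kind, process, detail) tuples, skipping blanks and comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, process, detail = line.split("|", 2)
        events.append((kind, process, detail))
    return events


def match_signatures(text):
    """Return {signature name: [matching details]} for every signature that fired.

    The two "dropped" signatures are stateful: a proc_create or image_load only
    counts when the path was seen earlier in a file_write event.
    """
    hits = {name: [] for name, _, _ in RULES}
    hits["Executes dropped EXE"] = []
    hits["Loads dropped DLL"] = []
    dropped = set()
    for kind, _process, detail in parse_events(text):
        if kind == "file_write":
            dropped.add(detail.lower())
            continue
        if kind == "proc_create" and detail.lower() in dropped:
            hits["Executes dropped EXE"].append(detail)
        if kind == "image_load" and detail.lower() in dropped:
            hits["Loads dropped DLL"].append(detail)
        for name, rule_kind, pattern in RULES:
            if kind == rule_kind and re.search(pattern, detail, re.IGNORECASE):
                hits[name].append(detail)
    return {name: matched for name, matched in hits.items() if matched}


def unreproduced(result):
    """Report signatures from the page that the analysed run did not trigger."""
    return [name for name in REPORT_SIGNATURES if name not in result]


if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, matched in found.items():
        print(f"{name}: {len(matched)} event(s)")
    print("not reproduced:", unreproduced(found))
```

Feed it the telemetry from your own detonation in the same three-field form to see which of the report's behaviors the sample still exhibits; a check-in to the gate URL confirms the extracted configuration is still live in this build.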