General
- Target: 64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
- Size: 137KB
- Sample: 221125-zqeblshc9z
- MD5: c00cf9aee6404ec47fdd7e6e9eee820d
- SHA1: 6b130e69f56e5bb95129597ec094d9fd022920f8
- SHA256: 64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1
- SHA512: 858e406bf2933c09010476db4e3655bc4b254c8f53ff1fc027c60486e5e9729a8a2ddfad0a730fb0ebbe3e3f9306c4e3dc18d33df2667a675e6c020becfb7be1
- SSDEEP: 3072:I8Dsp+FNX1dFOvDlXJuZwVhRAeMtzCQs8xESUltSkWeM9uoUAHanE:I8dNXSEZahRwJqsZhMoU6aE
Static task: static1
Behavioral task: behavioral1
Sample: 64b125327ae8799146a6aae22629992b61ac6f5981a79dc09c0f3bd66ff748a1.exe
Resource: win7-20221111-en
Malware Config
Extracted family: pony
C2 URLs extracted from the configuration:
- http://34324325kgkgfkgf.com/dffgbDFGvf465/YYf.php
- http://dsffdsk323721372131.com/dffgbDFGvf465/YYf.php
- http://fdshjfsh324332432.com/dffgbDFGvf465/YYf.php
- http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext