General
Target: dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c
Size: 197KB
Sample: 221126-b8tbgsgb6x
MD5: c8afc8295cfab3553144dd0dcb5462bb
SHA1: 225d61a6625799335bea0af867a2917df9ed5f87
SHA256: dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c
SHA512: a7682feecce04f2589502daec3b97cd6d67a513a0afadc52521b3e5cf21d0f8f47a286f8e7556599b19997a5281d78827b6230ecc67ee6e686c8b5c777731e82
SSDEEP: 6144:3xcVLIizxjE5rQs1w2hTY5BYsfx43dT2zGO:CIijEu0jhYospYdT2z
Static task: static1
Behavioral task: behavioral1
  Sample: dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
  http://swankafan.com/smile/smile/Panel/gate.php
payload_url:
  http://www.celitel-rf.ru/server.exe
  http://www.celitel-rf.ru/server2.exe
Targets
Target: dbcca5e8f6fc5c8c9e5e19d0abb86f6bce376f15cd95e4dfc17dc48f6823063c
Score: 10/10
- Modifies WinLogon for persistence
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext