General
Target: fbcbe4fa4fe0355d23888968c9c2ac4f372cd2a884470c0c1a3a9ec75aad7b49
Size: 401KB
Sample: 221126-bw3dmafd7y
MD5: faff5f74b2764e94d05540e1da7ee603
SHA1: a5f6dbfca3d56b083e6f161538d2f9a6b53634a7
SHA256: fbcbe4fa4fe0355d23888968c9c2ac4f372cd2a884470c0c1a3a9ec75aad7b49
SHA512: 19861f92e5e819d6d72692806fa1e6102ec3fd21e04307f8e0a2a3af38dd0986d2457b126570ba110a7d1061106f3c524f0fa98ea1bce46e530bdb9c7cb3c76d
SSDEEP: 12288:ub+Ru6JpJ8stM6RlWsaNkriQfQaoKwdCLvT:uqRuqD8stM6Dzi/aonwrT
Static task: static1
Behavioral task: behavioral1
Sample: fbcbe4fa4fe0355d23888968c9c2ac4f372cd2a884470c0c1a3a9ec75aad7b49.exe
Resource: win7-20221111-en
Malware Config
Extracted
pony
http://91.220.163.21/pony/gate.php
Targets
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext