General
Target: eb51fa64e6d1687abdd2e0ee8a0d49468ab2879007c094e3b351f505fff09e0c
Size: 134KB
Sample: 221126-eqqz7aec91
MD5: 0e087a29f6694524e66020d9454ccdb9
SHA1: 10e5050f1975938399827be5dab35e5d01cb0c89
SHA256: eb51fa64e6d1687abdd2e0ee8a0d49468ab2879007c094e3b351f505fff09e0c
SHA512: 9e9c8bb4c3c577a41d930356c8b2d0a9eba0f0692b7e654053b2af478471c1b36db78cd33d2d5b800e661d5a5752e53448fbd299bdc670da5091e704ec10a1af
SSDEEP: 3072:LlMyoAdZDhDOdtgXwDEi5xZgrdkkeRQHadg/wb:pvomDhi8wgiXZgrulk/
Static task: static1
Behavioral task: behavioral1
  Sample: eb51fa64e6d1687abdd2e0ee8a0d49468ab2879007c094e3b351f505fff09e0c.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: eb51fa64e6d1687abdd2e0ee8a0d49468ab2879007c094e3b351f505fff09e0c.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
pony
http://d-mmoney.favcc1.com/gate.php
payload_url: http://d-mmoney.favcc1.com/shit.exe
Targets
Target: eb51fa64e6d1687abdd2e0ee8a0d49468ab2879007c094e3b351f505fff09e0c
Size: 134KB
Score: 10/10
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext