General
Target: d428d885c09be504af45697ccb0190a6f5712e0559ef5230cf6b9e47969b3d98
Size: 124KB
Sample: 221126-f6xckshf8w
MD5: c9069b4eaed3b8e321f6b1ff19938e44
SHA1: 5564bf3fe5eee93db82852f8a1c04bf8938d6bc6
SHA256: d428d885c09be504af45697ccb0190a6f5712e0559ef5230cf6b9e47969b3d98
SHA512: 5e933b19c94efb7fc6caf9c46f78f7a332debe1cfb3bc95d2c5bc1a390fcd0f074f95cb2efd38b6d8c6b896346327d32d6a78161510017659571076530999505
SSDEEP: 1536:XeqRQxvfZvIQ1/beoDTEeno0x5mgHAiBG3nCiCQVeYuWdvBz2umSohogDrIqsL:XkXF/c0nmggiBGSife1W5l23FfIJL
Static task: static1
Behavioral task: behavioral1
Sample: d428d885c09be504af45697ccb0190a6f5712e0559ef5230cf6b9e47969b3d98.exe
Resource: win7-20220812-en
Malware Config
Extracted family: pony
URLs recovered from the extracted configuration:
http://194.1.184.65/internet_gas.php
http://194.1.184.77/internet_gas.php
http://94.23.26.38/jvoie898a/vijasopew83279
http://94.23.26.38/jvoie898a/2ay798faovaaeq
http://94.23.26.38/jvoie898a/ivmtuc432iwqer
http://91.220.35.48/fb/internet.php
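The six URLs above are the actionable output of this report: they can be turned into indicators and swept across web-proxy logs. The following is an added example, not part of the sandbox report or of any tool it names. It derives exact (host, path) indicators and weaker host-only indicators from the extracted URLs, normalises logged URLs (explicit :80 port, query strings) before comparison, and runs the match over a handful of constructed log lines in an assumed "timestamp client method url status" layout; the log format, the client addresses and the SAMPLE_LOG contents are invented for illustration and do not come from any real environment.

```python
"""Sweep web-proxy log lines for the URLs extracted from this Pony sample.

Added example, not part of the sandbox report. The URLs in EXTRACTED_URLS are
copied from the report's "Malware Config" section; everything else (log
format, client IPs, the lines in SAMPLE_LOG) is constructed for illustration.
"""
from urllib.parse import urlsplit

# URLs as listed in the report's extracted Pony configuration.
EXTRACTED_URLS = [
    "http://194.1.184.65/internet_gas.php",
    "http://194.1.184.77/internet_gas.php",
    "http://94.23.26.38/jvoie898a/vijasopew83279",
    "http://94.23.26.38/jvoie898a/2ay798faovaaeq",
    "http://94.23.26.38/jvoie898a/ivmtuc432iwqer",
    "http://91.220.35.48/fb/internet.php",
]

# Constructed sample log (assumed layout: "<ts> <client> <method> <url> <status>").
# Line 3 carries an explicit :80 port and a query string, line 4 hits a known
# host with an unknown path, and the remaining lines are benign noise.
SAMPLE_LOG = """\
2022-11-26T10:01:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2022-11-26T10:01:09Z 10.0.0.15 POST http://194.1.184.65/internet_gas.php 200
2022-11-26T10:01:10Z 10.0.0.15 GET http://94.23.26.38:80/jvoie898a/vijasopew83279?r=1 200
2022-11-26T10:02:33Z 10.0.0.22 GET http://91.220.35.48/fb/other.php 404
2022-11-26T10:03:00Z 10.0.0.22 GET http://10.0.0.1/ 200
"""


def build_iocs(urls):
    """Derive two indicator sets from the extracted URLs.

    exact: (host, path) pairs for high-confidence matches.
    hosts: bare hosts, so traffic to the same server with a rotated path
           (a renamed gate script, a new payload name) is still surfaced.
    """
    exact, hosts = set(), set()
    for u in urls:
        p = urlsplit(u)
        host = (p.hostname or "").lower()  # hostname drops any :port suffix
        exact.add((host, p.path))
        hosts.add(host)
    return exact, hosts


def parse_log_line(line):
    """Split one log line into fields; return None for lines that do not fit."""
    fields = line.split()
    if len(fields) < 5:
        return None
    ts, client, method, url, status = fields[:5]
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def match_line(line, exact, hosts):
    """Return ("exact" | "host", record) if the line hits an indicator, else None."""
    rec = parse_log_line(line)
    if rec is None:
        return None
    p = urlsplit(rec["url"])
    host = (p.hostname or "").lower()
    if (host, p.path) in exact:  # port and query string are ignored by design
        return ("exact", rec)
    if host in hosts:
        return ("host", rec)
    return None


def scan(log_text, urls=EXTRACTED_URLS):
    """Return [(confidence, client, url), ...] for every matching line, in log order."""
    exact, hosts = build_iocs(urls)
    hits = []
    for line in log_text.splitlines():
        m = match_line(line, exact, hosts)
        if m:
            confidence, rec = m
            hits.append((confidence, rec["client"], rec["url"]))
    return hits


if __name__ == "__main__":
    for confidence, client, url in scan(SAMPLE_LOG):
        print(f"{confidence:5s} {client} -> {url}")
```

Host-only hits on the 94.23.26.38 and 91.220.35.48 servers deserve the same triage as exact hits: a known Pony host serving a new path is more likely to be a fresh payload or gate name than a false positive, whereas the two 194.1.184.x gates are only meaningful on the exact path.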
Targets
Target: d428d885c09be504af45697ccb0190a6f5712e0559ef5230cf6b9e47969b3d98
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
  Outlook account and profile data is a standard target of Pony's credential harvesting; the sample reading it is consistent with the extracted family.
- Checks installed software on the system
  Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart on 64-bit systems, and the per-user copy under HKCU) to list the software installed on the host.
- Suspicious use of SetThreadContext
  SetThreadContext is used to change another thread's execution context, a step commonly seen in process hollowing and similar code-injection techniques; the report flags the call, not which variant was used.