General
- Target: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291
- Size: 1.4MB
- Sample: 221126-fa9yssfg6x
- MD5: 113e8b10637e6cc627646137a72b5c5f
- SHA1: 5a24bf144e5b2f0389fab918de5e8a80c1dfae4c
- SHA256: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291
- SHA512: 9dae0644e39297e69cd017f6e05aad5a4eba8e42176423c97b4ca83397d21bf060304e061305a9dc3f8b5de0bc38f6c60d791e8e372fb7e380f2a2b38df20628
- SSDEEP: 24576:o9nu6U6JccV5SbELQqxIA3D1RzjfhkOhNRTmpREDh4XJLqYra/dnu6U6JccV5Sbj:o9nu6Dac/SILQqxIA3D1RzjfhkOhNRT6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: pony
  - http://coco-bomgo.ru/wp-content/themes/twentytwelve/admin1/php/gate.php
Targets
- Target: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291
  - Size: 1.4MB
  - MD5: 113e8b10637e6cc627646137a72b5c5f
  - SHA1: 5a24bf144e5b2f0389fab918de5e8a80c1dfae4c
  - SHA256: 874487fc375dec18195e7e5cad2176994cb3429717b3607d9e4fea4503a45291
  - SHA512: 9dae0644e39297e69cd017f6e05aad5a4eba8e42176423c97b4ca83397d21bf060304e061305a9dc3f8b5de0bc38f6c60d791e8e372fb7e380f2a2b38df20628
  - SSDEEP: 24576:o9nu6U6JccV5SbELQqxIA3D1RzjfhkOhNRTmpREDh4XJLqYra/dnu6U6JccV5Sbj:o9nu6Dac/SILQqxIA3D1RzjfhkOhNRT6
  - Executes dropped EXE
  - Loads dropped DLL
  - Accesses Microsoft Outlook accounts
  - Accesses Microsoft Outlook profiles
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext