General

Target: db02d48c5532d2dd53947d31a8dded7ff11bb9c32ceb0ede0aa479f0465231d7
Size: 97KB
Sample: 221126-kf1pjaeh55
MD5: add6ea4e9f82c7f5b5e03819efee28a8
SHA1: 0c591fc364a63e0c9cff161bdc525950164ea23d
SHA256: db02d48c5532d2dd53947d31a8dded7ff11bb9c32ceb0ede0aa479f0465231d7
SHA512: e3dac21377e765b84bd6827a83293d2446716c5fc663764c94394d449d38aa89e64ceb1fb08fe40724a78aeb94fb4d79ff233a6700ab8977e7fdf572511d2957
SSDEEP: 3072:VwJ52Y7ZoH5XJaxWqwI5PwKp+PkIJ9IG/LKKvPP4vEvf:VwHysYqt5PlpRIJ9Z/LNoK

Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: db02d48c5532d2dd53947d31a8dded7ff11bb9c32ceb0ede0aa479f0465231d7.exe
  Resource: win7-20220901-en

Malware Config

Extracted family: pony
C2 gates (all four use the same path, /dffgbDFGvf465/YYf.php, on different hostnames):
http://34324325kgkgfkgf.com/dffgbDFGvf465/YYf.php
http://dsffdsk323721372131.com/dffgbDFGvf465/YYf.php
http://fdshjfsh324332432.com/dffgbDFGvf465/YYf.php
http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php
Targets

Target: db02d48c5532d2dd53947d31a8dded7ff11bb9c32ceb0ede0aa479f0465231d7 (97KB; the same file as under General, with identical MD5, SHA1, SHA256, SHA512 and SSDEEP values)
Signatures (behavioral1)

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets (possible credential harvesting)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext

Read together with the extracted config, the Outlook, wallet and Uninstall-key access is consistent with Pony's role as a credential stealer. The SetThreadContext signature by itself only shows that a thread's context was rewritten, a common step in process injection or hollowing; the report does not say which process was targeted, so that would need to be confirmed from the full task output.
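As an added example (not part of the sandbox report or of any Pony tooling), the following Python turns the four extracted C2 gates into indicators and checks them against a few proxy-log lines. The log lines and their format are constructed for illustration, and the second-tier rule that flags a POST to the shared gate path on a hostname outside the config is an assumption about domain rotation, labelled as such in the output.

```python
"""Turn the Pony C2 gates extracted above into indicators and check them
against proxy-log lines.  Added example, not part of the sandbox report.
The log lines and their format are constructed for illustration."""
import re
from urllib.parse import urlparse

# C2 gate URLs exactly as extracted from the sample's Pony config.
PONY_C2 = [
    "http://34324325kgkgfkgf.com/dffgbDFGvf465/YYf.php",
    "http://dsffdsk323721372131.com/dffgbDFGvf465/YYf.php",
    "http://fdshjfsh324332432.com/dffgbDFGvf465/YYf.php",
    "http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php",
]


def c2_indicators(urls):
    """Return (hostnames, gate paths) from the configured C2 URLs.

    The four gates differ only in hostname, so the shared path is a useful
    second-tier indicator if the operator rotates domains.
    """
    hosts = set()
    paths = set()
    for url in urls:
        parsed = urlparse(url)
        if parsed.hostname:
            hosts.add(parsed.hostname.lower())
        if parsed.path:
            paths.add(parsed.path)
    return hosts, paths


# Constructed proxy-log lines (assumed format: time, client, method, url, status).
SAMPLE_LOG = """\
1669465200.001 10.0.0.15 GET http://www.example.com/index.html 200
1669465203.417 10.0.0.15 POST http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php 200
1669465210.880 10.0.0.22 POST http://cdn.example.org/upload 200
1669465215.002 10.0.0.15 POST http://198.51.100.7/dffgbDFGvf465/YYf.php 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def match_log(log_text, urls=PONY_C2):
    """Scan log lines and return hits against the Pony indicators.

    An exact hostname match is high confidence.  A POST to the same gate path
    on a host not in the config is a lower-confidence heuristic (assumption:
    the operator reuses the path across rotated domains) and is labelled so
    an analyst can triage it separately.
    """
    hosts, paths = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        parsed = urlparse(m["url"])
        host = (parsed.hostname or "").lower()
        if host in hosts:
            reason = "known Pony C2 host"
        elif parsed.path in paths and m["method"] == "POST":
            reason = "Pony gate path on unknown host"
        else:
            continue
        hits.append({"ts": m["ts"], "client": m["client"],
                     "url": m["url"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['reason']}: {hit['url']}")
```

On the constructed input this reports two hits from client 10.0.0.15: the POST to jdsiwiqweiqwyreqwi.com (a configured host) and the POST to an address outside the config that reuses the gate path. The hostnames should also go to DNS and proxy blocklists; the path-only heuristic is deliberately kept separate because it can fire on unrelated traffic and needs an analyst's confirmation.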