General
- Target: cf570815306099593abf413a10f2c9df47286aecad76007195ca30fd1df6c9b7
- Size: 135KB
- Sample: 221126-tmr6eaah2s
- MD5: 5fd6ef9e99c8cc04fcbc7f63af2e8aa2
- SHA1: db072d28acca215f231c3504fdef72acb62b5009
- SHA256: cf570815306099593abf413a10f2c9df47286aecad76007195ca30fd1df6c9b7
- SHA512: 89734689933b45e763efa75286727b6b7152329ee83d81e7487fc5efe61e329f24204e9b5bbe97da13ffda9ae593ef0311d52bb6796d54ae8ea2dce91eb71cd9
- SSDEEP: 3072:dPY1lfhZlQOTlz3gfrVmUrPKJo8fRnbDJji:azQkgfPul+
Static task: static1
Behavioral task: behavioral1
Sample: cf570815306099593abf413a10f2c9df47286aecad76007195ca30fd1df6c9b7.exe
Resource: win7-20221111-en
Malware Config
- Extracted: pony
  http://212.58.20.11:8080/ponys/gate.php
  http://66.175.220.109/ponys/gate.php
- payload_url
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext