General
Target: e6a05acd0053c9c1b0a9b1883450122a0c9fc6f96a301326690625de3e66d585
Size: 230KB
Sample: 221126-vraycsag52
MD5: 5224dee01a6ce43158f41f60f486d923
SHA1: 258b14508fabcecfb59cacc5d693ba7f70980a9c
SHA256: e6a05acd0053c9c1b0a9b1883450122a0c9fc6f96a301326690625de3e66d585
SHA512: d88fb01941b5427ca65786708097e00be0d6c0d64a89389e82588d14cd81e1e743e2b93c9a67b73747936e4fc28babb1924d6a0361b9623724de8c079e6ead97
SSDEEP: 6144:GwG+faWhsNLwcdFeda5ccRmE25um+tHuo4OGZ4xPq6:csaWhsNL5Jmx/+tF4Yq6
Static task: static1
Behavioral task: behavioral1
Sample: e6a05acd0053c9c1b0a9b1883450122a0c9fc6f96a301326690625de3e66d585.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext