General
Target: 1c011c2bdd55b37606417469f394c476e9564ae39517a712bdd36bebffffefff
Size: 107KB
Sample: 221127-jqqfwaba27
MD5: 49b40f453419bdac5b94b40588d9956a
SHA1: 76cc3c5c549ebbcc99de2127e8f37e53376b3c4b
SHA256: 1c011c2bdd55b37606417469f394c476e9564ae39517a712bdd36bebffffefff
SHA512: 0e6c3ea8f7e5366a1948318c3d54dfb02ed1ef136e41cbcd8ccb97a463ee2ae07897aff9a28d001c839d97a4a192dafa08b007a1e79282a88b73dbb8e4372297
SSDEEP: 3072:JAsj8MBX8s0oXJ245zC6tTp/ibKQzAA0ijJub6Od:JAsBZAcptg/IijJK6c
Static task: static1
Behavioral task: behavioral1
Sample: 1c011c2bdd55b37606417469f394c476e9564ae39517a712bdd36bebffffefff.exe
Resource: win7-20221111-en
Malware Config
Extracted family: pony
C2 URLs (all seven share the path /dffgbDFGvf465/YYf.php):
http://gdfsgvcx342234fdsf.com/dffgbDFGvf465/YYf.php
http://gbvfdewquyt432.com/dffgbDFGvf465/YYf.php
http://pooikjlmfsdf.com/dffgbDFGvf465/YYf.php
http://qwesaddgdf456ret34.com/dffgbDFGvf465/YYf.php
http://xcvgfduytasdewr.com/dffgbDFGvf465/YYf.php
http://po34234jjjjj.com/dffgbDFGvf465/YYf.php
http://234rwrtret5345534.com/dffgbDFGvf465/YYf.php
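Turning the extracted config into detection, as an added example that is not part of the sandbox report: the matcher below keys on the seven C2 domains and, separately, on the shared URI path, so a Pony gate on a domain not in this config is still flagged when it is hit with a POST (the POST heuristic and the Squid-like log field layout are assumptions; the log records are constructed). The Suricata rule generator uses the path only, for the same reason.

```python
"""IOC matching for the Pony C2 URLs extracted in the report above.
Added example; the log records are constructed for illustration."""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample (copied from the report).
PONY_C2 = [
    "http://gdfsgvcx342234fdsf.com/dffgbDFGvf465/YYf.php",
    "http://gbvfdewquyt432.com/dffgbDFGvf465/YYf.php",
    "http://pooikjlmfsdf.com/dffgbDFGvf465/YYf.php",
    "http://qwesaddgdf456ret34.com/dffgbDFGvf465/YYf.php",
    "http://xcvgfduytasdewr.com/dffgbDFGvf465/YYf.php",
    "http://po34234jjjjj.com/dffgbDFGvf465/YYf.php",
    "http://234rwrtret5345534.com/dffgbDFGvf465/YYf.php",
]


def build_indicators(urls):
    """Split the config into a set of C2 hostnames and a set of URI paths."""
    domains, paths = set(), set()
    for u in urls:
        parts = urlsplit(u)
        domains.add((parts.hostname or "").lower())
        paths.add(parts.path)
    return domains, paths


def classify_request(host, path, method, domains, paths):
    """Label one HTTP request, or return None when nothing matches.

    Any contact with a known C2 domain is reported. A request to an unknown
    host is reported only when it POSTs to a known gate path (assumption:
    Pony check-ins are POSTs, so a GET to the path alone is noise)."""
    host = host.lower()
    if host in domains:
        return "pony_c2_known_domain"
    if path in paths and method.upper() == "POST":
        return "pony_c2_path_new_domain"
    return None


# Constructed proxy log: "<epoch> <client> <method> <url> <status>" (layout assumed).
SAMPLE_LOG = """\
1669540000.123 10.0.0.5 POST http://gdfsgvcx342234fdsf.com/dffgbDFGvf465/YYf.php 200
1669540001.456 10.0.0.5 GET http://www.example.com/index.html 200
1669540002.789 10.0.0.7 POST http://newdomain-not-in-config.net/dffgbDFGvf465/YYf.php 404
1669540003.012 10.0.0.9 GET http://po34234jjjjj.com/favicon.ico 404
"""


def scan_log(text, urls=PONY_C2):
    """Return (client, host, label) for every log record that matches."""
    domains, paths = build_indicators(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed record; skip rather than crash
        _ts, client, method, url = fields[:4]
        parts = urlsplit(url)
        label = classify_request(parts.hostname or "", parts.path, method,
                                 domains, paths)
        if label:
            hits.append((client, parts.hostname, label))
    return hits


def suricata_rule(urls=PONY_C2, sid=9000001):
    """Emit one Suricata rule per distinct gate path (Suricata 5+ keywords)."""
    _domains, paths = build_indicators(urls)
    rules = []
    for i, p in enumerate(sorted(paths)):
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            '(msg:"Pony stealer C2 gate check-in"; flow:established,to_server; '
            'http.method; content:"POST"; http.uri; content:"%s"; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (p, sid + i))
    return "\n".join(rules)


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(suricata_rule())
```

Running the block against the constructed log flags the two known-domain contacts and the POST to the unknown host on the shared path, and skips the unrelated GET.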
Targets
Target: 1c011c2bdd55b37606417469f394c476e9564ae39517a712bdd36bebffffefff
Size: 107KB
MD5: 49b40f453419bdac5b94b40588d9956a
SHA1: 76cc3c5c549ebbcc99de2127e8f37e53376b3c4b
SHA256: 1c011c2bdd55b37606417469f394c476e9564ae39517a712bdd36bebffffefff
SHA512: 0e6c3ea8f7e5366a1948318c3d54dfb02ed1ef136e41cbcd8ccb97a463ee2ae07897aff9a28d001c839d97a4a192dafa08b007a1e79282a88b73dbb8e4372297
SSDEEP: 3072:JAsj8MBX8s0oXJ245zC6tTp/ibKQzAA0ijJub6Od:JAsBZAcptg/IijJK6c
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext
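Host-side detection for three of the signatures above (the registry country-code lookup, the Uninstall-key enumeration and the SetThreadContext use), as an added example that is not the sandbox's own signature code. The key paths are the standard Windows locations for the configured country code and for installed-software entries; that these are the exact keys the sandbox inspects is an assumption, and the API-trace lines are constructed. SetThreadContext on its own is noisy, so the rule only fires on the classic suspended-process, WriteProcessMemory, SetThreadContext, ResumeThread chain, which is the usual reason a sandbox flags the call; the report does not state that this sample completes that chain.

```python
"""Classify constructed sandbox API-trace lines into the behaviours the
report lists. Added example; trace format and key paths are assumptions."""

# Where Windows stores the configured country (GeoID) and installed programs.
GEO_KEY = r"control panel\international\geo\nation"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"

# Constructed trace: "<pid> <api> <arguments>", one call per line.
TRACE = r"""
1234 RegOpenKeyExW HKEY_CURRENT_USER\Control Panel\International\Geo
1234 RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
1234 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall index=0
1234 CreateProcessW C:\Windows\System32\svchost.exe flags=CREATE_SUSPENDED
1234 WriteProcessMemory pid=2222
1234 SetThreadContext tid=2223
1234 ResumeThread tid=2223
"""


def parse_trace(text):
    """Return a list of (pid, api, args) tuples; blank or short lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) < 3:
            continue
        events.append((fields[0], fields[1], fields[2]))
    return events


def detect(events):
    """Map trace events to behaviour labels.

    Registry lookups are matched by the value/key path they touch. The
    thread-context rule is stateful per calling pid: it needs a process
    created suspended, memory written into it, SetThreadContext, then
    ResumeThread, in that order, before it reports."""
    findings = set()
    hollow_state = {}  # pid -> set of stages reached
    for pid, api, args in events:
        lower = args.lower()
        if api.startswith("RegQueryValueEx") and lower.endswith(GEO_KEY):
            findings.add("geofence_country_lookup")
        if api.startswith("RegEnumKeyEx") and UNINSTALL_KEY in lower:
            findings.add("installed_software_enum")
        stages = hollow_state.setdefault(pid, set())
        if api == "CreateProcessW" and "create_suspended" in lower:
            stages.add("suspended")
        elif api == "WriteProcessMemory" and "suspended" in stages:
            stages.add("written")
        elif api == "SetThreadContext" and "written" in stages:
            stages.add("context_set")
        elif api == "ResumeThread" and "context_set" in stages:
            findings.add("process_hollowing_sequence")
    return findings


if __name__ == "__main__":
    for label in sorted(detect(parse_trace(TRACE))):
        print(label)
```

A SetThreadContext call that is not preceded by a suspended child and a memory write (for example a debugger or a legitimate thread-context edit) produces no finding, which is the caveat the bare signature name leaves out.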