General
Target: 53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
Size: 143KB
Sample: 221127-m4xc5aca46
MD5: 021585c4015ba9cadb9e96f16ac3f408
SHA1: deab89c569586d4ba314f2854c82ef6c418f68ca
SHA256: 53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
SHA512: 2ab0fb30ef725f963a15f94b7c451caf89135b26c068f1382219a74e667e57ea4d03c1f893ee480314fd0d4fd4e3d55b4affc360f76ac28160c05f46107d4720
SSDEEP: 3072:Xy6VEpmWXoDB4qbnI6MuqtZPHnoXCG295gF9i:HVE1XVqb2XHM2Xg+
Behavioral task: behavioral1
Sample: 53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
- http://204.145.81.46/pony/gate.php
- http://64.111.24.123/pony/gate.php
payload_url:
- http://www.radiooisvira.com/2DnBty.exe
- http://cencardelmagdalena.com/NAKud.exe
- http://chacaracantinhodoceu.com.br/ZCy3b1.exe
Targets
Target: 53230e34b5f729957c76a65ad0f2f229f7b429b8e57d79e2ba41c449fd2a44b0
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext