General
- Target: 713dc380a4ad3ebcef42dcb155423e79c495862bb29ec39901c3d913cbfe40cc
- Size: 85KB
- Sample: 221127-nxs8kaec27
- MD5: 6992e815783c9d4f36cab05b710c9d49
- SHA1: 1ba2792d91412b06e7d18b7c02216215ababb36e
- SHA256: 713dc380a4ad3ebcef42dcb155423e79c495862bb29ec39901c3d913cbfe40cc
- SHA512: 3dcf51e7335118af64e8c944b41d6b6a709ed0bea050d8377cbfe16c088db99bdbb866d1655e15324b9d48d577d0b52e40fae30b13296330b71e56d86a1beb1b
- SSDEEP: 768:P1Iu9wrSiFGhK3N1F9EDEAnfmlNIIbODMDc7hpClVhEXhgGq2mLRDL7h4em6iVPP:P1I8wgEQGyz7h6XBi6RH7SHeuIxhWJA
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 713dc380a4ad3ebcef42dcb155423e79c495862bb29ec39901c3d913cbfe40cc.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 713dc380a4ad3ebcef42dcb155423e79c495862bb29ec39901c3d913cbfe40cc.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted: pony
- http://91.238.82.93/internet_md.php
- http://5.135.8.76/e8aab2477/ijo39iv0aq3r
- http://91.220.35.48/fb/internet.php
Targets
- Target: 713dc380a4ad3ebcef42dcb155423e79c495862bb29ec39901c3d913cbfe40cc
- Deletes itself
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext