General
-
Target
a53f2a09a4e4a2522b4cad46f744048beaa55084fb0982f1189fcaf36164623f
-
Size
1.2MB
-
Sample
221127-sqtyqsbh3z
-
MD5
f8161e8a13a21dabae65527a56657f16
-
SHA1
cf815c466843d425fb21001fbb6964552451f6ba
-
SHA256
a53f2a09a4e4a2522b4cad46f744048beaa55084fb0982f1189fcaf36164623f
-
SHA512
189f10c0565ae6a2d08569bfd3cc806f096389d7c06dfee68d36b56fce4acd94d0d8b36c8a336ea256f89e0c5a458b66705f94585a1cdacd9a9597801c26b074
-
SSDEEP
24576:WS1bBcWjWkK/ZTp/TNy+CmekoQeyzlO4MwVd4LrXKsljGF:W4ikuZTp/5y+VenBsObgEXX
Static task
static1
Behavioral task
behavioral1
Sample
a53f2a09a4e4a2522b4cad46f744048beaa55084fb0982f1189fcaf36164623f.exe
Resource
win7-20220901-en
Malware Config
Extracted
pony
http://alibaba007.comoj.com/html/gate.php
Extracted
nanocore
1.2.1.1
businessdb00.no-ip.biz:1999
businessdb01.no-ip.biz:1999
cfd529a1-d587-4775-9e78-6628c527f1a1
-
activate_away_mode
true
-
backup_connection_host
businessdb01.no-ip.biz
- backup_dns_server
-
buffer_size
65535
-
build_time
2014-09-21T04:11:02.597494336Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1999
-
default_group
Alibaba
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
cfd529a1-d587-4775-9e78-6628c527f1a1
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
businessdb00.no-ip.biz
- primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.1.1
-
wan_timeout
8000
Targets
-
-
Target
a53f2a09a4e4a2522b4cad46f744048beaa55084fb0982f1189fcaf36164623f
-
Size
1.2MB
-
MD5
f8161e8a13a21dabae65527a56657f16
-
SHA1
cf815c466843d425fb21001fbb6964552451f6ba
-
SHA256
a53f2a09a4e4a2522b4cad46f744048beaa55084fb0982f1189fcaf36164623f
-
SHA512
189f10c0565ae6a2d08569bfd3cc806f096389d7c06dfee68d36b56fce4acd94d0d8b36c8a336ea256f89e0c5a458b66705f94585a1cdacd9a9597801c26b074
-
SSDEEP
24576:WS1bBcWjWkK/ZTp/TNy+CmekoQeyzlO4MwVd4LrXKsljGF:W4ikuZTp/5y+VenBsObgEXX
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-