General
Target: 6d813aca96b12db993c8e7a8d1db6cfe4929238c48761e9441bbb9a81a31f89e
Size: 128KB
Sample: 221128-gw843abd78
MD5: 9499724bf606d914ee12105fbd754de4
SHA1: 618b6b3d01f746e7ab5741f1585901f7879f249c
SHA256: 6d813aca96b12db993c8e7a8d1db6cfe4929238c48761e9441bbb9a81a31f89e
SHA512: 65e45a9edcea5a3ab5ca63b3f5323749b5cfc43521a67637ba2d6a2d4268d2cc195a58c0b46b8dd21e23e72c0213874503c609799488359934684972c56b79ac
SSDEEP: 3072:uGHi6mwnuRP5oNRw6BxqzF4tKzL1xqDHhJVPhwcj:+4u74Rw6B3tKzTqDHhfPhf
Static task: static1
Behavioral task: behavioral1
Sample: 6d813aca96b12db993c8e7a8d1db6cfe4929238c48761e9441bbb9a81a31f89e.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: pony
C2:
http://67.215.225.205:8080/forum/viewtopic.php
http://216.231.139.111/forum/viewtopic.php
payload_url:
http://barna-consulting.info/bsnCqdm3.exe
http://dobracoconstrucoes.com.br/AR5rrw.exe
http://ftp.spaziometi.org/nPgqe.exe
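The extracted configuration is most useful as network IOCs. The following is an added example, not code from the sandbox or from this report: it reduces the C2 gate and payload URLs above to (host, port, path) triples and runs them over constructed proxy log lines in an assumed `timestamp client method host:port path status` format. Exact host+port+path matches are reported with high confidence; any other contact with one of the hosts is reported at medium confidence. The path alone is deliberately not an indicator, because `/forum/viewtopic.php` is an ordinary phpBB path.

```python
"""Network IOCs from the extracted Pony config, matched against proxy logs.

Added example for this report; it is not code from the sandbox or from the
malware. The log format below is constructed for the demonstration.
"""
from urllib.parse import urlparse

# URLs copied verbatim from the "Malware Config" section above.
C2_GATES = [
    "http://67.215.225.205:8080/forum/viewtopic.php",
    "http://216.231.139.111/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://barna-consulting.info/bsnCqdm3.exe",
    "http://dobracoconstrucoes.com.br/AR5rrw.exe",
    "http://ftp.spaziometi.org/nPgqe.exe",
]


def parse_url(url):
    """Reduce a URL to the (host, port, path) triple the matcher keys on."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.hostname.lower(), port, p.path


def build_iocs():
    """Exact (host, port, path) IOCs plus the bare hosts for lower-confidence hits."""
    exact = {}
    for url in C2_GATES:
        exact[parse_url(url)] = "pony_c2_gate"
    for url in PAYLOAD_URLS:
        exact[parse_url(url)] = "pony_payload_download"
    hosts = {host for host, _port, _path in exact}
    return exact, hosts


# Constructed proxy log lines (assumed format: ts client method host:port path status).
SAMPLE_PROXY_LOG = """\
2022-11-28T10:01:02Z 10.0.0.15 POST 67.215.225.205:8080 /forum/viewtopic.php 200
2022-11-28T10:01:05Z 10.0.0.15 GET barna-consulting.info:80 /bsnCqdm3.exe 200
2022-11-28T10:02:11Z 10.0.0.22 GET www.example.com:443 /forum/viewtopic.php 200
2022-11-28T10:03:40Z 10.0.0.15 GET 216.231.139.111:80 /index.html 404
"""


def scan_proxy_log(log_text):
    """Return (ts, client, confidence, label, request) for every matching line.

    Full host+port+path matches are "high"; any other contact with a C2 or
    payload host is "medium". Matching on the path alone would be noisy:
    /forum/viewtopic.php is an ordinary phpBB path, as the third line shows.
    """
    exact, hosts = build_iocs()
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, hostport, path, _status = line.split()
        host, _sep, port = hostport.rpartition(":")
        if not host:  # log line carried no explicit port
            host, port = port, "80"
        key = (host.lower(), int(port), path)
        request = f"{method} {hostport}{path}"
        if key in exact:
            hits.append((ts, client, "high", exact[key], request))
        elif key[0] in hosts:
            hits.append((ts, client, "medium", "pony_infra_contact", request))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
```

Run against the constructed log, the first two lines match the gate and a payload download exactly, the fourth is only a contact with a C2 host on a different path, and the phpBB lookalike on the third line is ignored.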
Targets
Target: 6d813aca96b12db993c8e7a8d1db6cfe4929238c48761e9441bbb9a81a31f89e
Size: 128KB
MD5: 9499724bf606d914ee12105fbd754de4
SHA1: 618b6b3d01f746e7ab5741f1585901f7879f249c
SHA256: 6d813aca96b12db993c8e7a8d1db6cfe4929238c48761e9441bbb9a81a31f89e
SHA512: 65e45a9edcea5a3ab5ca63b3f5323749b5cfc43521a67637ba2d6a2d4268d2cc195a58c0b46b8dd21e23e72c0213874503c609799488359934684972c56b79ac
SSDEEP: 3072:uGHi6mwnuRP5oNRw6BxqzF4tKzL1xqDHhJVPhwcj:+4u74Rw6B3tKzTqDHhfPhf
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state, including its instruction pointer. Calling it on a thread in another process is a common way to redirect a suspended thread into injected code, which is why the sandbox flags it; the report does not show the surrounding call sequence.
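As an added example (not the sandbox's detection logic, and not derived from this sample's actual trace, which the report does not show), the following flags both of the behaviours above in a simplified API-call trace. The trace format (`pid api argument`) and every line in it are constructed; the registry path is the Uninstall key the "Checks installed software" signature is assumed to refer to, and the four-stage suspended-process sequence is the general injection pattern a detector looks for around SetThreadContext, not a claim about what this sample does.

```python
"""Flag Uninstall-key enumeration and cross-process SetThreadContext in an API trace.

Added example for this report; not the sandbox's detection code and not
derived from this sample's actual trace, which the report does not show.
The trace format (pid api argument) and every line in it are constructed.
"""
import re
from collections import defaultdict

# Assumption: this is the key the "Checks installed software" signature refers to.
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# The classic suspended-process injection ("hollowing") sequence. The report
# only says SetThreadContext use was flagged; this is the general pattern a
# detector looks for, not a claim about what this sample does.
HOLLOWING_STAGES = {"suspended", "write", "setcontext", "resume"}

# Constructed trace lines: "<caller pid> <api> <argument>".
SAMPLE_TRACE = """\
1000 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1000 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1000 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox
1000 RegQueryValueExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName
1000 CreateProcessW pid=2000 flags=CREATE_SUSPENDED
1000 WriteProcessMemory pid=2000
1000 SetThreadContext pid=2000
1000 ResumeThread pid=2000
3000 SetThreadContext pid=3000
3000 RegOpenKeyExW HKCU\\Software\\Example
"""


def analyze_trace(trace_text):
    """Return (pid, finding, detail) tuples for the behaviours found."""
    findings = []
    uninstall_reads = defaultdict(int)               # pid -> Uninstall-key accesses
    stages = defaultdict(lambda: defaultdict(set))   # pid -> target pid -> stages seen
    for line in trace_text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split(maxsplit=2)
        pid = int(pid)
        # Any registry API touching the Uninstall key counts as software enumeration.
        if api.startswith("Reg") and UNINSTALL_KEY.lower() in arg.lower():
            uninstall_reads[pid] += 1
        m = re.search(r"pid=(\d+)", arg)
        if not m:
            continue
        target = int(m.group(1))
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in arg:
            stages[pid][target].add("suspended")
        elif api == "WriteProcessMemory":
            stages[pid][target].add("write")
        elif api == "SetThreadContext":
            stages[pid][target].add("setcontext")
            # Same-process use has legitimate callers (debuggers, hardware
            # breakpoint setup); the signal is a thread in another process.
            if target != pid:
                findings.append((pid, "suspicious_setthreadcontext", target))
        elif api == "ResumeThread":
            stages[pid][target].add("resume")
    for pid, count in uninstall_reads.items():
        findings.append((pid, "enumerates_installed_software", count))
    for pid, targets in stages.items():
        for target, seen in targets.items():
            if HOLLOWING_STAGES <= seen:
                findings.append((pid, "process_hollowing_sequence", target))
    return findings


if __name__ == "__main__":
    for finding in analyze_trace(SAMPLE_TRACE):
        print(*finding)
```

On the constructed trace, pid 1000 is reported three times (four Uninstall-key accesses, a cross-process SetThreadContext, and the complete suspended-write-setcontext-resume sequence against pid 2000), while pid 3000, which only sets context on its own process and reads an unrelated key, produces nothing.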