General
- Target: 3b21c9b770bdfe16ab50c88a4d0daf10cbc90efc9d0a4e4e7bd6cf07104c6c98
- Size: 468KB
- Sample: 221128-mvndvscg7t
- MD5: b6843f93ba472e9a18bacead1573596f
- SHA1: cbe1a3ce097bdb4b25f647ccccb891ffb3c6e529
- SHA256: 3b21c9b770bdfe16ab50c88a4d0daf10cbc90efc9d0a4e4e7bd6cf07104c6c98
- SHA512: b6657df6478e1e4b607e15a1b5f6aa93a2a08caa6c1ea70fa13529a02c60fed3406433c91c475c512de7d19ff1586c96d2d3a311562ed6f8ba400da6100b040c
- SSDEEP: 3072:ENZGGl2ccmCiL35QksWmZ/Dkw1itSqEKRVDOcgiFg72xaWF:ENZG5ccm9HmxDNW3Kcba
Static task
- static1

Behavioral task
- behavioral1
- Sample: 3b21c9b770bdfe16ab50c88a4d0daf10cbc90efc9d0a4e4e7bd6cf07104c6c98.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- pony
- http://hytlfe.com/me/mf/shit.php
- payload_url: http://hytlfe.com/me/mf/zcong.exe
Targets
- Target: 3b21c9b770bdfe16ab50c88a4d0daf10cbc90efc9d0a4e4e7bd6cf07104c6c98
- Size: 468KB
- MD5: b6843f93ba472e9a18bacead1573596f
- SHA1: cbe1a3ce097bdb4b25f647ccccb891ffb3c6e529
- SHA256: 3b21c9b770bdfe16ab50c88a4d0daf10cbc90efc9d0a4e4e7bd6cf07104c6c98
- SHA512: b6657df6478e1e4b607e15a1b5f6aa93a2a08caa6c1ea70fa13529a02c60fed3406433c91c475c512de7d19ff1586c96d2d3a311562ed6f8ba400da6100b040c
- SSDEEP: 3072:ENZGGl2ccmCiL35QksWmZ/Dkw1itSqEKRVDOcgiFg72xaWF:ENZG5ccm9HmxDNW3Kcba
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext