General
Target: b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
Size: 280KB
Sample: 221128-qfdsnaah6x
MD5: 8e88887f8e0eb0e6269fa4ffe7514b58
SHA1: f39a20ef2f07f21523f202b43581979fbee520a9
SHA256: b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
SHA512: 2b62f96f73bde66ee74a463c8a17829850acfac031d40047ce15e625292a8fd465701df038005b6f80b2cb0fac2cb1219690fc69e985ff334e76821db059eac6
SSDEEP: 6144:sFPYyAVvBeXVS8w8eWDvUWRhTK2PCzesW8Jn29:sFdnXpw8DMWRhTK2PCzesW8U
Static task: static1
Behavioral task: behavioral1
Sample: b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa.exe
Resource: win7-20220812-en
Malware Config
Extracted
pony
http://orji.host22.com/PonyPHP/gate.php
Targets
Target
b0c3e97a5b0aedfa8303ead48f62dccff2afde5d926213fcf0ed4df5b6bf3bfa
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-