General
- Target: cd10e71749a41783ccf5bcd2bb195a6c310622015c353e6c8636551532e45c66
- Size: 98KB
- Sample: 221128-tlwgfafg33
- MD5: 0a957d9fc1bd02d1c06a815fe37f67de
- SHA1: fd7ca5231cb771a9556a3083d4be1bf43fdd673d
- SHA256: cd10e71749a41783ccf5bcd2bb195a6c310622015c353e6c8636551532e45c66
- SHA512: 5c625bf004f47854d40fd467fd4fc0d12c49c49626143e027673f94dfcc0b39cb9dd5eb7a0fb6b79088300d7be80e99908541ad6d1ffa4d27a6fd06bc6f23bba
- SSDEEP: 3072:K8Dsp+FNX1dFOvDlXJuiWvfZcmCfP2+IyzCIzxizsME4l:K8dNXSEBXamCfP2HyjdG
Static task: static1
Behavioral task: behavioral1
Sample: cd10e71749a41783ccf5bcd2bb195a6c310622015c353e6c8636551532e45c66.exe
Resource: win7-20220812-en
Malware Config
Extracted family: pony
C2 URLs:
- http://34324325kgkgfkgf.com/dffgbDFGvf465/YYf.php
- http://dsffdsk323721372131.com/dffgbDFGvf465/YYf.php
- http://fdshjfsh324332432.com/dffgbDFGvf465/YYf.php
- http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php
Targets
- Target: cd10e71749a41783ccf5bcd2bb195a6c310622015c353e6c8636551532e45c66
- Size: 98KB
- MD5: 0a957d9fc1bd02d1c06a815fe37f67de
- SHA1: fd7ca5231cb771a9556a3083d4be1bf43fdd673d
- SHA256: cd10e71749a41783ccf5bcd2bb195a6c310622015c353e6c8636551532e45c66
- SHA512: 5c625bf004f47854d40fd467fd4fc0d12c49c49626143e027673f94dfcc0b39cb9dd5eb7a0fb6b79088300d7be80e99908541ad6d1ffa4d27a6fd06bc6f23bba
- SSDEEP: 3072:K8Dsp+FNX1dFOvDlXJuiWvfZcmCfP2+IyzCIzxizsME4l:K8dNXSEBXamCfP2HyjdG
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext