General

Target: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141
Size: 144KB
Sample: 221130-qvmdcaha8t
MD5: c404859150b29d1074d511b435098ff3
SHA1: 221260c4c12f810768f795bb3ccb1431f45583a2
SHA256: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141
SHA512: 6cda78e86fbcbc1ee7e84576f5f130cb4c10031b97e4f39a5c989da7039cd5fc9165d5107d6c71079d672a03c2b2648439346c8c46097db8cc5ba61f9dbad09a
SSDEEP: 3072:s0IYwk7xA1hBO7bvZreljmHITlbbxHZyVnVpaJ0opb+g9H:nIYwkdV7bBreRdBbbiRam++yH
Behavioral task: behavioral1
Sample: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: pony
- http://74.53.97.66:8080/forum/viewtopic.php
- http://74.53.97.67:8080/forum/viewtopic.php

payload_url:
- http://boletin.puntoimpresion.com/Qnrnh53B.exe
- http://www.vivaidiportanova.it/55V7.exe
- http://www.urbyagri.es/s56k5.exe
- http://etradi.webgenshop.nl/xWP.exe
Targets

Target: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141
Size: 144KB
MD5: c404859150b29d1074d511b435098ff3
SHA1: 221260c4c12f810768f795bb3ccb1431f45583a2
SHA256: be066a26daf68e43deddd23a33c5ef641be66b543c60552c939d4250c2e56141
SHA512: 6cda78e86fbcbc1ee7e84576f5f130cb4c10031b97e4f39a5c989da7039cd5fc9165d5107d6c71079d672a03c2b2648439346c8c46097db8cc5ba61f9dbad09a
SSDEEP: 3072:s0IYwk7xA1hBO7bvZreljmHITlbbxHZyVnVpaJ0opb+g9H:nIYwkdV7bBreRdBbbiRam++yH
Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext