General

Target: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555
Size: 161KB
Sample: 221201-cnajbaef83
MD5: d1c3cc93072cd9c6a546fe565222bd57
SHA1: be15c5c22fcba2eb89fa46a98c668444a2046245
SHA256: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555
SHA512: c959294051b71062c12647603e29169709d7a94aa73292ab8f6bcdf78c7801ad645cb6bb6d55f23cc464dcca6c3b2d0f7138b418d8b69f352caed5596f7f9b9f
SSDEEP: 3072:rw9HpNMvVthM+jUqaqjoL+poj2w9PSl4a3MDpn5jlZk:rw9HpNMtthMBJL+p+PSl4lJ5jlZk
Static task: static1
Behavioral task: behavioral1
  Sample: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: pony
C2 (gate URLs the bot posts harvested credentials to):
http://ser.boarddogsurferjewelry.com/forum/viewtopic.php
http://ser.boreddogsurferjewelry.com/forum/viewtopic.php
payload_url (second-stage executables the loader fetches):
http://houseofhackney.com/k7grUh.exe
http://trucks4rent.com.au/y3A.exe
http://www.slgdev.com/09mZ.exe
http://sukarelawan.com.my/MgLJ.exe
http://www.conquestidiomas.com.br/2NJQ.exe
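The config block above is the most actionable part of the report: two gate URLs and five second-stage payload URLs. The following is an added example (the editor's code, not sandbox or Pony code) that turns those URLs into (host, path) indicators and runs them over constructed Squid-style proxy log lines (not from the report). The gate hosts are treated as attacker-controlled, so any request to them is a hit; the payload hosts are matched on exact path only, on the assumption that they are otherwise-legitimate sites that happen to serve a dropped file, which is the usual pattern for loader payload URLs and is an assumption here, not something the report states.

```python
"""Turn the Pony config from this report into network IOCs and run them over
proxy logs.  Added example (editor's code, not sandbox or Pony code); the
log lines below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# Copied from the report's "Malware Config" section.
PONY_CONFIG = {
    "family": "pony",
    "c2": [  # gate URLs the bot POSTs stolen credentials to
        "http://ser.boarddogsurferjewelry.com/forum/viewtopic.php",
        "http://ser.boreddogsurferjewelry.com/forum/viewtopic.php",
    ],
    "payload_url": [  # second-stage executables the loader fetches
        "http://houseofhackney.com/k7grUh.exe",
        "http://trucks4rent.com.au/y3A.exe",
        "http://www.slgdev.com/09mZ.exe",
        "http://sukarelawan.com.my/MgLJ.exe",
        "http://www.conquestidiomas.com.br/2NJQ.exe",
    ],
}


def iocs_from_config(cfg):
    """Return {(host, path): role} with role 'c2' or 'payload'."""
    iocs = {}
    for role, key in (("c2", "c2"), ("payload", "payload_url")):
        for url in cfg[key]:
            u = urlsplit(url)
            iocs[(u.hostname.lower(), u.path)] = role
    return iocs


# Constructed Squid native access.log lines (not from the report):
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1669900001.123 210 10.0.0.15 TCP_MISS/200 3140 POST http://ser.boreddogsurferjewelry.com/forum/viewtopic.php - HIER_DIRECT/203.0.113.7 text/html
1669900002.456 50 10.0.0.15 TCP_MISS/200 60211 GET http://www.slgdev.com/09mZ.exe - HIER_DIRECT/203.0.113.8 application/octet-stream
1669900003.789 30 10.0.0.22 TCP_HIT/200 1200 GET http://www.slgdev.com/index.html - HIER_DIRECT/203.0.113.8 text/html
1669900004.000 40 10.0.0.15 TCP_MISS/404 500 GET http://houseofhackney.com/k7grUh.exe - HIER_DIRECT/203.0.113.9 text/html
1669900005.000 35 10.0.0.31 TCP_MISS/200 800 GET http://ser.boarddogsurferjewelry.com/ - HIER_DIRECT/203.0.113.10 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<src>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def scan_log(text, iocs):
    """Match each request against the IOC set.

    An exact (host, path) match is reported for either role.  Any other
    request to a gate host is also reported (match 'host'): the gate domains
    exist only for the bot.  Payload hosts are matched on exact path only,
    on the assumption that they are otherwise-legitimate sites.
    """
    c2_hosts = {host for (host, _path), role in iocs.items() if role == "c2"}
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        host = (u.hostname or "").lower()
        role = iocs.get((host, u.path))
        if role is not None:
            match = "url"
        elif host in c2_hosts:
            role, match = "c2", "host"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "method": m["method"],
                     "url": m["url"], "role": role, "match": match})
    return hits


def exfil_candidates(hits):
    """Clients that reached a gate: Pony POSTs harvested credentials there,
    so these machines need credential resets, not only a file cleanup."""
    return sorted({h["src"] for h in hits if h["role"] == "c2"})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG, iocs_from_config(PONY_CONFIG))
    for h in found:
        print(h["src"], h["role"], h["match"], h["method"], h["url"])
    print("credential exfil candidates:", exfil_candidates(found))
```

The request to www.slgdev.com/index.html is deliberately not a hit: blocking or alerting on the payload domains as a whole would be noisy for the same reason the example matches them on path. A POST to a gate, on the other hand, means credentials have most likely already left the machine, which is why the gate hits feed the credential-reset list rather than just the cleanup list.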
Targets

Target: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555
Size: 161KB
MD5: d1c3cc93072cd9c6a546fe565222bd57
SHA1: be15c5c22fcba2eb89fa46a98c668444a2046245
SHA256: 858d7a87478b15a2567ab76f05336e65ee60a2c213420f702e392e5311ba7555
SHA512: c959294051b71062c12647603e29169709d7a94aa73292ab8f6bcdf78c7801ad645cb6bb6d55f23cc464dcca6c3b2d0f7138b418d8b69f352caed5596f7f9b9f
SSDEEP: 3072:rw9HpNMvVthM+jUqaqjoL+poj2w9PSl4a3MDpn5jlZk:rw9HpNMtthMBJL+p+PSl4lJ5jlZk

Signatures
Accesses Microsoft Outlook accounts
Reads Outlook account entries, where stored mail credentials live, from the registry.
Accesses Microsoft Outlook profiles
Reads Outlook profile keys from the registry.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Rewrites the register context of a thread. Used on a thread in another (typically suspended) process, this is the step of process hollowing that redirects execution into injected code.
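The three registry signatures above are behaviours the sandbox observed through API monitoring. To reproduce them from an endpoint trace, the added example below (the editor's code, not the sandbox's signature logic) maps Procmon-style registry events to the same signature names. The key paths are assumptions rather than something the report states: Outlook profiles under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles and HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, account entries under the 9375CFF0413111d3B88A00104B2A6676 subkey of a profile, and installed software under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (with its WOW6432Node twin). The three-subkey threshold for the Uninstall rule and the event lines are constructed as well. SetThreadContext is an API call rather than a registry event, so it is outside this example.

```python
"""Map registry activity to the signature names used in this report.
Added example (editor's code, not the sandbox's signature logic).  The key
paths and thresholds are assumptions; the events below are constructed."""
import csv
import io
import re
from collections import defaultdict


def normalize_key(path):
    """Canonicalize a registry path so one rule covers Procmon and Sysmon
    spellings: long hive names -> short, HKU\\<SID>\\ -> HKCU\\, upper case."""
    p = path.strip().rstrip("\\")
    p = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", p, flags=re.I)
    p = re.sub(r"^HKEY_CURRENT_USER", "HKCU", p, flags=re.I)
    p = re.sub(r"^(HKEY_USERS|HKU)\\S-1-5-21-[\d-]+\\", r"HKCU\\", p, flags=re.I)
    return p.upper()


# (signature name from the report, path pattern, distinct matches needed)
# The paths are assumed locations, not taken from the report.
RULES = [
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"^HKCU\\SOFTWARE\\MICROSOFT\\(WINDOWS NT\\CURRENTVERSION\\"
                r"WINDOWS MESSAGING SUBSYSTEM|OFFICE\\\d+\.\d+\\OUTLOOK)\\PROFILES(\\|$)"), 1),
    ("Accesses Microsoft Outlook accounts",
     # well-known Outlook account-settings subkey inside a profile
     re.compile(r"\\9375CFF0413111D3B88A00104B2A6676(\\|$)"), 1),
    ("Checks installed software on the system",
     # one subkey per installed product; require three distinct ones so a
     # program that only reads its own entry does not fire (assumed threshold)
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\"
                r"CURRENTVERSION\\UNINSTALL\\[^\\]+"), 3),
]

# Constructed Procmon-style CSV export (not from the report).
SAMPLE_EVENTS = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"10:01:02.1","sample.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook","SUCCESS"
"10:01:02.2","sample.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password","SUCCESS"
"10:01:02.3","sample.exe","4120","RegOpenKey","HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook","SUCCESS"
"10:01:03.0","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS"
"10:01:03.1","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS"
"10:01:03.2","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F1A2B3C-0000-4000-8000-000000000001}","SUCCESS"
"10:02:00.0","explorer.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS"
"10:02:01.0","OUTLOOK.EXE","2222","RegQueryValue","HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email","SUCCESS"
"10:02:02.0","sample.exe","4120","CreateFile","C:\Users\u\AppData\Local\Temp\x.tmp","SUCCESS"
'''


def evaluate(csv_text):
    """Return {(process, pid): [signature names]} for processes whose registry
    access meets a rule's threshold of distinct matching keys."""
    matches = defaultdict(lambda: defaultdict(set))  # proc -> rule -> matched prefixes
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue  # only registry operations are relevant to these rules
        key = normalize_key(row["Path"])
        proc = (row["Process Name"], int(row["PID"]))
        for name, pattern, _threshold in RULES:
            m = pattern.search(key)
            if m:
                matches[proc][name].add(m.group(0))
    fired = {}
    for proc, per_rule in matches.items():
        names = sorted(n for n, _p, threshold in RULES if len(per_rule[n]) >= threshold)
        if names:
            fired[proc] = names
    return fired


if __name__ == "__main__":
    for proc, names in evaluate(SAMPLE_EVENTS).items():
        print(proc, names)
```

Two things the run makes visible. explorer.exe opens one Uninstall subkey and stays below the threshold, which is the point of counting distinct subkeys rather than single opens. OUTLOOK.EXE trips both Outlook rules, because the legitimate client reads exactly these keys; the signatures describe behaviour, not a verdict, and what makes them meaningful in this report is that the accessor is an unknown 161KB executable, not Outlook.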