General
Target: 8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc
Size: 134KB
Sample: 221201-csw8wafb48
MD5: 56ab444756534d409aef0bbb67de9bf5
SHA1: ae4942b9f118fb66af31a97a6aaa7a08942bcaba
SHA256: 8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc
SHA512: 655fce84e61fa13399596ac4d0b82ffe2709661dbc6fcd4558bd882ee459626fd61aa6c28138a3ff4032c8861f23f8019a717d66136e36f32ecae039d3d60e5a
SSDEEP: 1536:p3PYxWVUYIfyAdrycyjirIyZJHgocb6D7rVWRuXe6dhtJYVFudlGpJ/As1Fi:RPY1lfblrVTH+6E4Xe6TjqFyIlXi
Static task: static1
Behavioral task: behavioral1
Sample: 8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc.exe
Resource: win7-20220901-en
Malware Config
Extracted family: pony
C2 gates (the stealer posts harvested credentials to these gate.php endpoints):
  http://212.58.20.11:8080/pony/gate.php
  http://66.175.218.113/pony/gate.php
payload_url (additional executables the sample is configured to download and run):
  http://lcopc.com/KVYoE.exe
  http://www.bantak.dsdw.in.th/GTP7B.exe
  http://junkfoodusa.com/vBSh1.exe
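Added example, not part of the sandbox report and not code from the sandbox vendor: the extracted config above turned into a network IOC set and run over proxy access-log lines. Only the five URLs come from the report; the log lines, client addresses and timestamps are constructed, and the parser assumes the Squid native access-log layout (timestamp, elapsed, client, action/code, size, method, URL, ...).

```python
from urllib.parse import urlsplit

# Values copied from the extracted Pony config above.
C2_GATES = [
    "http://212.58.20.11:8080/pony/gate.php",
    "http://66.175.218.113/pony/gate.php",
]
PAYLOAD_URLS = [
    "http://lcopc.com/KVYoE.exe",
    "http://www.bantak.dsdw.in.th/GTP7B.exe",
    "http://junkfoodusa.com/vBSh1.exe",
]

# Constructed Squid-style access log lines (not captured from the real sample).
SAMPLE_LOG = [
    "1669886400.123    150 10.0.0.15 TCP_MISS/200 512 POST http://212.58.20.11:8080/pony/gate.php - HIER_DIRECT/212.58.20.11 text/html",
    "1669886401.500    900 10.0.0.15 TCP_MISS/200 137216 GET http://lcopc.com/KVYoE.exe - HIER_DIRECT/lcopc.com application/octet-stream",
    "1669886402.000     30 10.0.0.22 TCP_MISS/200 1024 GET http://www.example.com/index.html - HIER_DIRECT/www.example.com text/html",
    "1669886403.000     40 10.0.0.15 TCP_MISS/404 300 GET http://junkfoodusa.com/other.php - HIER_DIRECT/junkfoodusa.com text/html",
]


def build_iocs(gates, payloads):
    """Return (exact_urls, hosts): full URLs and bare hostnames, each tagged c2/payload.
    Hostnames are kept without port so 212.58.20.11 matches whatever port is used."""
    urls, hosts = {}, {}
    for kind, lst in (("c2", gates), ("payload", payloads)):
        for u in lst:
            urls[u.lower()] = kind
            hosts[urlsplit(u).hostname.lower()] = kind
    return urls, hosts


def blocklist(hosts):
    """Sorted list of hosts to push to a proxy/DNS blocklist."""
    return sorted(hosts)


def match_log(lines, urls, hosts):
    """Squid native format: ts elapsed client action/code size method url ...
    Returns (client, method, url, kind, reason) per hit. An exact URL hit is the
    configured gate or payload; a host-only hit means the same infrastructure
    served a different path (renamed payload, new gate path) and still matters."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 7:
            continue
        client, method, url = parts[2], parts[5], parts[6]
        host = (urlsplit(url).hostname or "").lower()
        if url.lower() in urls:
            hits.append((client, method, url, urls[url.lower()], "exact-url"))
        elif host in hosts:
            hits.append((client, method, url, hosts[host], "host"))
    return hits


if __name__ == "__main__":
    urls, hosts = build_iocs(C2_GATES, PAYLOAD_URLS)
    print("blocklist:", blocklist(hosts))
    for hit in match_log(SAMPLE_LOG, urls, hosts):
        print(hit)
```

The host-level fallback is deliberate: a POST to gate.php followed by a GET of an .exe from one of the payload hosts, from the same client within seconds, is the check-in-then-download sequence a Pony infection produces, and the paths in the config rotate faster than the hosts do.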
Targets
Target: 8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
  Outlook account settings, including stored mail server credentials, live under the per-user Outlook profile keys in HKCU. A non-Office process reading them is consistent with Pony's credential harvesting.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites another thread's register state, including its instruction pointer, and is a standard step in process hollowing (start a process suspended, write the payload into it, redirect the main thread, resume). Debuggers use it legitimately, so on its own it is a heuristic, not proof of injection.
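Added example, not part of the sandbox report and not the sandbox's own signature code: a small detector for the two registry-read behaviors listed above (Uninstall-key enumeration and Outlook profile access), run over a constructed Procmon-style CSV trace. The registry locations are the real ones; the trace rows, PIDs, timestamps and the msiexec/explorer control rows are made up. The SetThreadContext signature is API-level rather than registry-level and is not covered here.

```python
import csv
import io
import re
from collections import defaultdict

# Real registry locations behind the two signatures (matched case-insensitively).
PATTERNS = {
    # HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<app>: one subkey per installed program.
    "installed_software_enum": re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
    # Outlook profiles: "Windows Messaging Subsystem\Profiles" (Outlook 2010 and earlier) and
    # "Office\<ver>\Outlook\Profiles" (Outlook 2013+); account entries and stored credentials sit beneath.
    "outlook_profile_access": re.compile(
        r"\\(Windows Messaging Subsystem\\Profiles|Office\\\d+\.\d+\\Outlook\\Profiles)(\\|$)", re.I),
}
# Read-side registry operations; a failed open (NAME NOT FOUND) still counts as an attempt.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Constructed trace in Procmon CSV layout; not captured from the real sample.
CONSTRUCTED_TRACE = r"""Time,Process Name,PID,Operation,Path,Result
10:00:01.001,8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc.exe,1234,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:00:01.002,8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc.exe,1234,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip,SUCCESS
10:00:01.010,8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc.exe,1234,RegOpenKey,HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook,NAME NOT FOUND
10:00:01.011,8428ad7c41f37ced05c36d87b7b8ae5ff5ad4bef6174fc5387461c2ae4249adc.exe,1234,RegQueryValue,HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email,SUCCESS
10:00:02.000,explorer.exe,900,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
10:00:03.000,msiexec.exe,2222,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-000F-0000-0000-0000000FF1CE},SUCCESS
"""


def classify_trace(text):
    """Count matching registry reads per (process, pid) and rate each process."""
    per_proc = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(text)):
        if row["Operation"] not in READ_OPS:
            continue
        for name, rx in PATTERNS.items():
            if rx.search(row["Path"]):
                per_proc[(row["Process Name"], int(row["PID"]))][name] += 1
    findings = []
    for (proc, pid), counts in per_proc.items():
        tags = sorted(counts)
        # Enumerating Uninstall keys alone is routine (installers, inventory agents).
        # The same process also reading Outlook profile data is the stealer pattern.
        verdict = "suspicious" if len(tags) == len(PATTERNS) else "informational"
        findings.append({"process": proc, "pid": pid, "tags": tags,
                         "counts": dict(counts), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in classify_trace(CONSTRUCTED_TRACE):
        print(f["verdict"], f["process"], f["pid"], f["counts"])
```

The verdict is scoped per process on purpose: msiexec touching Uninstall keys is normal, and so is Outlook itself reading its profile; it is the combination inside one unrelated process that reproduces what the behavioral task flagged.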