General
-
Target
d45f65c6e3330ac53c483a7557e1e20fd3c07ae06ade2ce6426d47826e9409d6
-
Size
44KB
-
Sample
221203-ax436sda9s
-
MD5
0769c81e2283601ebce36748c30465a6
-
SHA1
20d82065d8939d2d0387725e9eaa116df0a0332e
-
SHA256
d45f65c6e3330ac53c483a7557e1e20fd3c07ae06ade2ce6426d47826e9409d6
-
SHA512
edc0f47530775d047666c5986357c306013beffbc0c31769a338b820928c66fa4f30773a47c61a7948275098b57459b5e7c1d60843a911dcb09a1893801af3d2
-
SSDEEP
768:2iDtiVdDCDlfqr7bIO5HvVlAPl/PxPZDPCmKacT4ornKdyuuJ:nRiV0Dle7kgHvV+NBdPCmcpnKAJ
Static task
static1
Behavioral task
behavioral1
Sample
d45f65c6e3330ac53c483a7557e1e20fd3c07ae06ade2ce6426d47826e9409d6.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://149.255.99.32:8080/forum/viewtopic.php
http://69.163.40.128/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/FhPD.exe
http://rampazzo.com.br/mbhyAkQ.exe
http://homeringer.com/tWEkgm.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-