General
-
Target
af46e332f14e11497b4a1a551788c1025af68320de0eb5fd9d79c40749fa4337
-
Size
55KB
-
Sample
221203-chnhzsef88
-
MD5
075211c5766cfbd4e30c6e0e0ec854a3
-
SHA1
f5ced525c96b36568116d242e7cdde6be02063ae
-
SHA256
af46e332f14e11497b4a1a551788c1025af68320de0eb5fd9d79c40749fa4337
-
SHA512
e8f83983763cd17dd3a73639c2c044511e773a3edc7dbf67c4edce066faf497d9fa588b0544b218bda897cbef85291dd173f14ca4e01fec72c13a191058d0711
-
SSDEEP
1536:sQNwdnpw5jjfZ9vQwwG5rtlMpKbhgwWhKC4j8Pt:sQMny5jzZBQww4tlMpWdCbPt
Static task
static1
Behavioral task
behavioral1
Sample
af46e332f14e11497b4a1a551788c1025af68320de0eb5fd9d79c40749fa4337.exe
Resource
win7-20221111-en
Malware Config
Extracted
pony
http://shilajit.biz/default.php?eDPUJpnHPW7ytIjBztXhA6clOcEx6I3gVfrFkQT
http://haidir.host22.com/default.php?jZSmd5LQhfOD3aoahfQiZ8UsyoRXViqhOU
http://bobblebook.com/default.php?OAwKZEinajudFBTtWAMNCAWxDLDhXeogxUgAV
http://bobblenovel.com/default.php?Tlom9R2gNadgP4YDhf2OjoRB8x2Mv6s7oZzY
http://containerwatergarden.com/default.php?3kYbHEBhrHn61DTW4IasCGNgUKq
Targets
-
-
Target
af46e332f14e11497b4a1a551788c1025af68320de0eb5fd9d79c40749fa4337
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-