General
Target: c66b25e60c20602c5be07e03d4eee40a16a045d2db2354beaa99511d108a4b31
Size: 102KB
Sample: 221203-f2csdagg75
MD5: 2ae8eb8eacd2351f14501326e537d9bc
SHA1: 2adbea2512c3a13395b2934d1de8d610b97a07f0
SHA256: c66b25e60c20602c5be07e03d4eee40a16a045d2db2354beaa99511d108a4b31
SHA512: 4d016d42501189ca5ddf2c42e394edea25a973bc7525bce13cfab0c83683c5bef4c08c781a5951c34b6848dcc1089a4958ee0300f8d9150f63c971fb7644e1d1
SSDEEP: 3072:e1GIILYOLZpJoFnF6moAimmHyX7U/y+Q:e57OLDQDmScy+Q
Static task: static1
Behavioral task: behavioral1
Sample: c66b25e60c20602c5be07e03d4eee40a16a045d2db2354beaa99511d108a4b31.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
http://momus.com.tw:8080/pony/gate.php
http://72.5.102.224/pony/gate.php
payload_url:
http://benihikanjogja.com/DxexAW1.exe
http://viveroparadiso.com.ar/NSyf.exe
http://www.jeveuxepargner.net/ab3GM.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext