General
Target: c5a5436a186020a87e82302accd5110950f089d82ba920f029cd6994df72bb35
Size: 132KB
Sample: 221203-f44zmsha63
MD5: 462f501c727cc81de7c5892c7772a99d
SHA1: 24e073f3dbd0a5af5d6ab64ccf91ffd163623345
SHA256: c5a5436a186020a87e82302accd5110950f089d82ba920f029cd6994df72bb35
SHA512: dfc20aa14a0930df449c912140e23d153340e625b3f27257eedf0f0fe7667d59b19702ecbcd6525aca6d5277640061fa6532869ce343fedf65dc973f3fa431bf
SSDEEP: 1536:DfbmUgeUtHmOC6Y2lciLKuIHe9J46geNIvB3Qo+OB6FLsjL7M3JhYxYuG0L1UldM:DfbmUkNmOJdlbvdY1ZvpQxOAhhcl0lP
Static task: static1
Behavioral task: behavioral1
Sample: c5a5436a186020a87e82302accd5110950f089d82ba920f029cd6994df72bb35.exe
Resource: win7-20221111-en
Malware Config
Extracted family: pony
C2 gate URLs (the gate.php endpoint is where Pony POSTs harvested credentials; the host:port pairs below are the network indicators to block and hunt for):
http://67.215.225.205:8080/ponys/gate.php
http://199.192.203.142/ponys/gate.php
payload_url (secondary executables the sample downloads and runs after check-in; any request for these paths, or any other request to these hosts, is worth investigating):
http://build-in.cz/CBopQ0TA/YD94an.exe
http://heincountry.com/Lx38YeDG/PZ2AC.exe
http://waxsurfers.com/KrYtpYBC/a0Y.exe
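The extracted config above is the most actionable part of this report. The following script turns it into a small matcher: it breaks the C2 gate and payload URLs into host/port pairs, flags proxy log lines that hit the exact URLs (strong) or merely the same hosts (weaker, to be verified by hand), and checks a file's bytes against the report's MD5/SHA1/SHA256 values. This is an added example, not part of the sandbox report or of any vendor tooling; the Squid-style log lines, the `match_log`, `ioc_hosts` and `hash_match` function names, and the severity labels are constructed for illustration.

```python
"""Match the Pony IOCs from this report against constructed proxy-log lines
and file hashes. Added example; log lines and helper names are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report's Malware Config and hash fields.
C2_GATES = [
    "http://67.215.225.205:8080/ponys/gate.php",
    "http://199.192.203.142/ponys/gate.php",
]
PAYLOAD_URLS = [
    "http://build-in.cz/CBopQ0TA/YD94an.exe",
    "http://heincountry.com/Lx38YeDG/PZ2AC.exe",
    "http://waxsurfers.com/KrYtpYBC/a0Y.exe",
]
KNOWN_HASHES = {
    "md5": "462f501c727cc81de7c5892c7772a99d",
    "sha1": "24e073f3dbd0a5af5d6ab64ccf91ffd163623345",
    "sha256": "c5a5436a186020a87e82302accd5110950f089d82ba920f029cd6994df72bb35",
}


def ioc_hosts(urls):
    """Return {hostname: {port, ...}} for a URL list (default port 80/443)."""
    hosts = {}
    for u in urls:
        p = urlsplit(u)
        port = p.port or (443 if p.scheme == "https" else 80)
        hosts.setdefault(p.hostname, set()).add(port)
    return hosts


# Constructed Squid access.log lines (not taken from the report).
SAMPLE_LOG = """\
1670000001.123    312 10.0.0.12 TCP_MISS/200 1843 POST http://67.215.225.205:8080/ponys/gate.php - HIER_DIRECT/67.215.225.205 text/html
1670000002.456     88 10.0.0.12 TCP_MISS/200 135168 GET http://build-in.cz/CBopQ0TA/YD94an.exe - HIER_DIRECT/93.184.216.34 application/octet-stream
1670000003.789     40 10.0.0.20 TCP_MISS/200 5123 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1670000004.012    200 10.0.0.33 TCP_MISS/404 512 GET http://waxsurfers.com/other/path.php - HIER_DIRECT/203.0.113.5 text/html
"""

# timestamp elapsed client code/status bytes method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def match_log(log_text):
    """Return [(client, reason, url)] for lines touching a Pony IOC.

    'c2'        exact hit on a gate.php URL (credential exfil attempt)
    'payload'   exact hit on a payload download URL
    'host-only' other request to an IOC host:port (weaker; verify manually)
    """
    hosts = ioc_hosts(C2_GATES + PAYLOAD_URLS)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        if url in C2_GATES:
            reason = "c2"
        elif url in PAYLOAD_URLS:
            reason = "payload"
        else:
            p = urlsplit(url)
            port = p.port or (443 if p.scheme == "https" else 80)
            if p.hostname in hosts and port in hosts[p.hostname]:
                reason = "host-only"
            else:
                continue
        hits.append((m.group("client"), reason, url))
    return hits


def hash_match(data):
    """Return the name of the first known hash that matches data, else None."""
    for algo, known in KNOWN_HASHES.items():
        if hashlib.new(algo, data).hexdigest() == known:
            return algo
    return None


if __name__ == "__main__":
    for client, reason, url in match_log(SAMPLE_LOG):
        print(f"{client:12} {reason:9} {url}")
    print("hash match:", hash_match(b"not the sample"))
```

Exact-URL hits are the ones to act on immediately: a POST to gate.php from a host means the stealer already ran and tried to exfiltrate. The host-only class exists because the payload hosts are ordinary compromised domains, so a request to a different path there may be benign and needs a human look before blocking the whole domain.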
Targets
Target: c5a5436a186020a87e82302accd5110950f089d82ba920f029cd6994df72bb35
Signatures
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Reads the Outlook profile and account data stored in the registry (typically under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles and HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles), where saved mail-server credentials live. This matches Pony's credential-theft role; treat any mail credentials on the infected host as compromised.
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts) to enumerate installed software, which Pony uses to decide which applications' stored credentials to harvest.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process is the step process-hollowing style injectors use to redirect a suspended process's execution into code they wrote into it. Treat it as an injection indicator and check which child process the sample created in a suspended state and what was written into it.