General
-
Target
c8fe9e4b77552fcbca10a847cb243577ffb7b8f85765d79a9741207fa5a90e87
-
Size
132KB
-
Sample
221203-fq99habd3y
-
MD5
874a5fadebdd6b3b08d010f87672b7e0
-
SHA1
cc63f9975a05fdc7689f4e7da001f25ca921d1f2
-
SHA256
c8fe9e4b77552fcbca10a847cb243577ffb7b8f85765d79a9741207fa5a90e87
-
SHA512
f166d8daeab3ebfe6915176aac66a99840d95a1afcc2dfe0c9c9a449b793b3235b56ba112102a008d09a3b62103fe20f807b53036f8e82eacfcdbc368b20a338
-
SSDEEP
3072:DfbmUkNmOJlwwbO6Bmz9QKtOMGDtg3KxnP:jb/k7/ZB29IMiq3W
Static task
static1
Behavioral task
behavioral1
Sample
c8fe9e4b77552fcbca10a847cb243577ffb7b8f85765d79a9741207fa5a90e87.exe
Resource
win7-20220812-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://74.91.117.190/forum/viewtopic.php
-
payload_url
http://ftp.approachit.com/jZy.exe
http://atualizacoes.issqn.net/FhPD.exe
http://tokulances.sitebr.net/jV1.exe
Targets
-
-
Target
c8fe9e4b77552fcbca10a847cb243577ffb7b8f85765d79a9741207fa5a90e87
-
Size
132KB
-
MD5
874a5fadebdd6b3b08d010f87672b7e0
-
SHA1
cc63f9975a05fdc7689f4e7da001f25ca921d1f2
-
SHA256
c8fe9e4b77552fcbca10a847cb243577ffb7b8f85765d79a9741207fa5a90e87
-
SHA512
f166d8daeab3ebfe6915176aac66a99840d95a1afcc2dfe0c9c9a449b793b3235b56ba112102a008d09a3b62103fe20f807b53036f8e82eacfcdbc368b20a338
-
SSDEEP
3072:DfbmUkNmOJlwwbO6Bmz9QKtOMGDtg3KxnP:jb/k7/ZB29IMiq3W
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-