General
Target: c120eb1a3eaf230164d62c5e44d1be3b25c76e726db6e6ac67c6f49652b977a3
Size: 136KB
Sample: 221203-gj4ntaac26
MD5: 011e60c2589c8fb1415561bbc4ab4c88
SHA1: aad41219276ce63e0d3bc29e026de1ed95c5a9df
SHA256: c120eb1a3eaf230164d62c5e44d1be3b25c76e726db6e6ac67c6f49652b977a3
SHA512: f61a472817d04a68228625bf5c9c226663cf51141c9cca625f6488907993d86beb510b3935e90237a1c1b8182b405e194f6a95b9a0b3f7b1562590782e4095e1
SSDEEP: 1536:tbxJBKyKhLaSv3tHhPys8ltPv/UXdgjQfxL/2TekbTF9JYwnJOe2LoM+t0wrPOxJ:+EG9HhasIvcdgjGmJ9hnJOe1htk1xd
Static task: static1
Behavioral task: behavioral1
Sample: c120eb1a3eaf230164d62c5e44d1be3b25c76e726db6e6ac67c6f49652b977a3.exe
Resource: win7-20220812-en
Malware Config
Extracted: pony
  http://108.178.59.6/forum/viewtopic.php
  http://209.59.212.151/forum/viewtopic.php
payload_url:
  http://download.diocesisaluzzo.it/Diba.exe
  http://cartagenarelax.com/wVM.exe
  http://vogimport.debugmania.com/4AN.exe
Targets
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext