General
Target: bd9ee3c435905228e23d1ea5cc757ca2dc35002bfce836bed6ba7ee960b659d9
Size: 97KB
Sample: 221203-gwsr3see7y
MD5: 73528061fe1ac655235a17ef5a395a54
SHA1: c58ca4ed1162c29c06d3218e4f829ed0dcd96e34
SHA256: bd9ee3c435905228e23d1ea5cc757ca2dc35002bfce836bed6ba7ee960b659d9
SHA512: 2b0914b789fbe758fb83b791ec658ea62ffeda790d39889327d470fee2d2a0213017eee08aec7a00bcaa36bc27fc20866431cbb932f5c55c22850cfab09238e9
SSDEEP: 3072:uxXegqr9jqTfTPbDgw1nRqMrCBdBIDTov2iJGMfo:18qN8U+S
Static task: static1
Behavioral task: behavioral1
Sample: bd9ee3c435905228e23d1ea5cc757ca2dc35002bfce836bed6ba7ee960b659d9.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://209.59.222.170/forum/viewtopic.php
http://50.116.34.38/forum/viewtopic.php
payload_url:
http://ftp.approachit.com/jZy.exe
http://atualizacoes.issqn.net/FhPD.exe
http://homeringer.com/tWEkgm.exe
Targets
Target: bd9ee3c435905228e23d1ea5cc757ca2dc35002bfce836bed6ba7ee960b659d9
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext