General
-
Target
b6f32b94c09053d61f2ce22c4bd312e7a78cea79c51723ead4974b3f23f111ca
-
Size
132KB
-
Sample
221203-hj3l7ada94
-
MD5
e52637bfc92fffb3967dc4af77962bc8
-
SHA1
538f4bb2ef098d84064cc508b8fbdcdc511d8acb
-
SHA256
b6f32b94c09053d61f2ce22c4bd312e7a78cea79c51723ead4974b3f23f111ca
-
SHA512
76619d89ae52e816f1d331aa84750e0ad5af33cdde55de0923d07fdfae3b41406c1406aeccb446f63163f00be0abb858446911147b9d17cbff5b066ad3340058
-
SSDEEP
3072:DfbmUkNmOJygj3Dqk87l2Io5Sza10LV5F6cAu2P:jb/k7yFkg0szaOLV5F6Vu0
Static task
static1
Behavioral task
behavioral1
Sample
b6f32b94c09053d61f2ce22c4bd312e7a78cea79c51723ead4974b3f23f111ca.exe
Resource
win7-20220901-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://199.192.203.142/forum/viewtopic.php
-
payload_url
http://fuerzav.vectorialstudios.com/4Gxf.exe
http://fuszerboltom.hu/Hd0.exe
http://successwithmichael.com/Dj8vftG.exe
http://castgroup.gr/fwu4.exe
http://piscinasangra.com/oP3yge.exe
http://p933.phpnet.org/0uVk8W2Z.exe
Targets
-
-
Target
b6f32b94c09053d61f2ce22c4bd312e7a78cea79c51723ead4974b3f23f111ca
-
Size
132KB
-
MD5
e52637bfc92fffb3967dc4af77962bc8
-
SHA1
538f4bb2ef098d84064cc508b8fbdcdc511d8acb
-
SHA256
b6f32b94c09053d61f2ce22c4bd312e7a78cea79c51723ead4974b3f23f111ca
-
SHA512
76619d89ae52e816f1d331aa84750e0ad5af33cdde55de0923d07fdfae3b41406c1406aeccb446f63163f00be0abb858446911147b9d17cbff5b066ad3340058
-
SSDEEP
3072:DfbmUkNmOJygj3Dqk87l2Io5Sza10LV5F6cAu2P:jb/k7yFkg0szaOLV5F6Vu0
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-