General
- Target: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3
- Size: 144KB
- Sample: 221204-x6eafadb3x
- MD5: 9aac5437150f50bdb42b553a372a90ff
- SHA1: a553859bf9d2a7b7704bd06fc85ce08530bf915f
- SHA256: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3
- SHA512: 0723b41d4587e32169d222feb73321f2f23c68618b54a346bcb34667b6972368697d9cf0dc57adb472f8c0bc6716fce46a72ce74f10677dd36a91436aec59f6a
- SSDEEP: 3072:0jlKZelTDXHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHY:4weljSn8YoLLVrbwzuaj2rH
Behavioral task: behavioral1
- Sample: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: pony
  http://74.53.97.66:8080/forum/viewtopic.php
  http://74.53.97.67:8080/forum/viewtopic.php
- payload_url
  http://orion.obidigital.net/d09ZhGf.exe
  http://ftp.lastraautosport.com.ar/xjH.exe
Targets
- Target: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3
- Size: 144KB
- MD5: 9aac5437150f50bdb42b553a372a90ff
- SHA1: a553859bf9d2a7b7704bd06fc85ce08530bf915f
- SHA256: b811cf758ddb3286c48cc05539810498a8f2d76404f431b57176706434f4d5d3
- SHA512: 0723b41d4587e32169d222feb73321f2f23c68618b54a346bcb34667b6972368697d9cf0dc57adb472f8c0bc6716fce46a72ce74f10677dd36a91436aec59f6a
- SSDEEP: 3072:0jlKZelTDXHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHY:4weljSn8YoLLVrbwzuaj2rH
Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
-