General
Target: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571
Size: 144KB
Sample: 221205-cx5qtage89
MD5: 8c7b147091642b181ac5d0867145349e
SHA1: 66a10a601bb9c65c05e6922d08a9412913de6818
SHA256: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571
SHA512: ec6b6b28c496c0b597c590d47ec772ff207ffd72d0da5a5400e5c7e53cd119fa41b4532eb0267e9f8b1ed773b44a1adaca70a102cc857ec7127ab397f3d73a28
SSDEEP: 3072:0jlKZelTDzi//FZZOecJ9n4glBbRVW1iESpaJq68LsiA:4welK/FPOL/5Hb8QaD
Behavioral task: behavioral1
Sample: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: pony
C2 (gate URLs the stealer reports to):
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
payload_url (second-stage executables the sample is configured to download and run):
http://www.ncga.org/toK.exe
http://biju.crt.bg/geyj.exe
http://web.techart.cz/R8wnJrWU.exe
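The hashes above and the extracted C2 and payload URLs are the indicators a responder would actually pivot on. The script below is an added example (not part of the sandbox report or of any vendor tooling): it turns those indicators into a small matcher that checks a file's digests against the sample's and scans web-proxy log lines for requests to the Pony gate or the payload hosts. The proxy log format and the log lines are constructed for illustration; the SSDEEP value is deliberately not compared because fuzzy-hash comparison needs the external ssdeep library.

```python
"""IOC matcher built from the indicators in this report (added example)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
SAMPLE_HASHES = {
    "md5": "8c7b147091642b181ac5d0867145349e",
    "sha1": "66a10a601bb9c65c05e6922d08a9412913de6818",
    "sha256": "7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571",
}
C2_URLS = [
    "http://74.53.97.66:8080/forum/viewtopic.php",
    "http://74.53.97.67:8080/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://www.ncga.org/toK.exe",
    "http://biju.crt.bg/geyj.exe",
    "http://web.techart.cz/R8wnJrWU.exe",
]


def digests(data: bytes) -> dict:
    """Hex digests of data in the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True when the bytes are the reported sample (SHA256 is authoritative)."""
    return digests(data)["sha256"] == SAMPLE_HASHES["sha256"]


def url_key(url: str) -> tuple:
    """Normalise a URL to (host, port, path).

    Query strings are dropped and the default port is filled in so a log
    line with '?x=1' appended or without an explicit ':80' still matches.
    """
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return (u.hostname.lower(), port, u.path or "/")


# Exact (host, port, path) indicators, labelled by what they are in the report.
IOC_KEYS = {url_key(u): "pony_c2" for u in C2_URLS}
IOC_KEYS.update({url_key(u): "pony_payload_url" for u in PAYLOAD_URLS})
# Weaker indicator: any request to a C2 host:port, whatever the path.
C2_HOST_PORTS = {url_key(u)[:2] for u in C2_URLS}


def scan_proxy_log(lines) -> list:
    """Return (src_ip, label, url) for every line that touches an indicator.

    Constructed line format (assumption, not a real proxy format):
        '<timestamp> <src_ip> <method> <url> <status>'
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the scan
        _ts, src, _method, url, _status = parts[:5]
        key = url_key(url)
        label = IOC_KEYS.get(key)
        if label is None and key[:2] in C2_HOST_PORTS:
            label = "pony_c2_host"
        if label:
            hits.append((src, label, url))
    return hits


# Constructed proxy log: one host fetches a payload and checks in to both gates.
PROXY_LOG = [
    "2022-12-05T10:00:01Z 10.0.0.15 GET http://www.ncga.org/toK.exe 200",
    "2022-12-05T10:00:03Z 10.0.0.15 POST http://74.53.97.66:8080/forum/viewtopic.php 200",
    "2022-12-05T10:00:05Z 10.0.0.22 GET http://example.org/index.html 200",
    "2022-12-05T10:00:07Z 10.0.0.15 POST http://74.53.97.67:8080/forum/viewtopic.php?x=1 200",
    "2022-12-05T10:00:09Z 10.0.0.15 GET http://74.53.97.66:8080/other.php 404",
]

if __name__ == "__main__":
    for src, label, url in scan_proxy_log(PROXY_LOG):
        print(f"{src} {label} {url}")
```

Match on the normalised (host, port, path) tuple rather than the raw URL string, otherwise a trailing query string or a differently cased hostname silently defeats the indicator; the host:port fallback catches check-ins to a renamed gate path on the same server.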
Targets
Target: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571
Size: 144KB
MD5: 8c7b147091642b181ac5d0867145349e
SHA1: 66a10a601bb9c65c05e6922d08a9412913de6818
SHA256: 7b4c6a89c452a163d0c23c750ba4ee2b58a104cf863b6b8c752550b803595571
SHA512: ec6b6b28c496c0b597c590d47ec772ff207ffd72d0da5a5400e5c7e53cd119fa41b4532eb0267e9f8b1ed773b44a1adaca70a102cc857ec7127ab397f3d73a28
SSDEEP: 3072:0jlKZelTDzi//FZZOecJ9n4glBbRVW1iESpaJq68LsiA:4welK/FPOL/5Hb8QaD
Signatures
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Reads the stored Outlook account and profile data; consistent with Pony's credential-harvesting of mail and FTP clients.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the classic final step of process hollowing (redirecting a suspended process's entry point to injected code before resuming it); treat it as an injection indicator.