General
-
Target
DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
-
Size
160KB
-
Sample
230329-agla5aff8t
-
MD5
951a2b71ab84e8c9e932685b94b22d04
-
SHA1
c32b298f68d9fc8f4d5431725d62bfc5d25b06c5
-
SHA256
dea98717d6f4fdd15391d2fa8e0bef6a0237363ac49dba2ee44714c3830f318f
-
SHA512
bb7347681a00d99bba39e68449cf3fc8a938dac88146a77fbf5fecaf1888cba2b8981eef1901b36b7bc8ab249c152f18dc7f3f9fbbf59474e4d4fd204700f111
-
SSDEEP
3072:9YzJVjheL5gwn1T/np9S7yDEgcJaNf/mdA:9Yna5gyPn0yDEgcJac
Static task
static1
Behavioral task
behavioral1
Sample
DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
pony
http://gtatoronto.com/images/single.gif/gate.php
http://strolatex.com/images/4.gif/gate.php
Targets
-
-
Target
DEA98717D6F4FDD15391D2FA8E0BEF6A0237363AC49DB.exe
-
Size
160KB
-
MD5
951a2b71ab84e8c9e932685b94b22d04
-
SHA1
c32b298f68d9fc8f4d5431725d62bfc5d25b06c5
-
SHA256
dea98717d6f4fdd15391d2fa8e0bef6a0237363ac49dba2ee44714c3830f318f
-
SHA512
bb7347681a00d99bba39e68449cf3fc8a938dac88146a77fbf5fecaf1888cba2b8981eef1901b36b7bc8ab249c152f18dc7f3f9fbbf59474e4d4fd204700f111
-
SSDEEP
3072:9YzJVjheL5gwn1T/np9S7yDEgcJaNf/mdA:9Yna5gyPn0yDEgcJac
Score10/10-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-