General
Target: 16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Size: 56KB
Sample: 230507-qbd8mage3z
MD5: f6536f7fe9feef17adc493638395555b
SHA1: 157307ead7905b1844dcc69458f0531e66b31fb6
SHA256: 16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599
SHA512: 5313d816e2aba0c2f9a2627ed8f1a7507aec05d7f7089a51307743bb215b1fe15e1596699f3b092dc117a5fcf21772a38ce326be8c917ba9aa1fe2492df96da3
SSDEEP: 1536:+tzqxvhrplLk9h8egJPfWunoGh4R17mZDLn845OUKMkQKFoNek+5UD:+T8N3WuoGh4KZDL1gmKF0ek+M
Static task: static1
Behavioral task: behavioral1
Sample: 16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Resource: win7-20230220-en
Malware Config
Extracted: pony
- http://sunelec-kk.com/tmp/r1.php
- http://japmotors.net/tmp/r1.php
payload_url:
- http://globalofficesolution.net/tmp/file1.exe
- http://globalofficesolution.net/tmp/file2.exe
- http://davesclassics.com.au/tmp/file1.exe
- http://davesclassics.com.au/tmp/file2.exe
Targets
Target: 16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext