General
-
Target
bc3b825872e371ba9a7eb6df5921dd33.exe
-
Size
304KB
-
Sample
240112-wn3dwadaaq
-
MD5
bc3b825872e371ba9a7eb6df5921dd33
-
SHA1
98a7df4ca2ddc14c28bf8bf4bcab79fdf2a088d0
-
SHA256
1a1dc33fae444afdd54f6f50dd47ed4b9f673fbc5595dad7b48e78cac0458465
-
SHA512
60e86491814216e4db4ea6f9f2d2ef83a2a39828511c6d6b6570be086de52826e5ed41d145377826eb26000a2144db61dd60d76cb964cd39af3d0a10be2910f3
-
SSDEEP
3072:oO81elGlBalZgxcDTa/b6vgcDhJNBqOAxx4naobZWDGbJQxSdrPf3aNQ:HElBhxaGyFhJNBqNxWayrbJQxwr
Static task
static1
Behavioral task
behavioral1
Sample
bc3b825872e371ba9a7eb6df5921dd33.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bc3b825872e371ba9a7eb6df5921dd33.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
pony
http://fishery.co.in/virgin/leo/gate.php
-
payload_url
http://fishery.co.in/virgin/leo/specification.exe
Targets
-
-
Target
bc3b825872e371ba9a7eb6df5921dd33.exe
-
Size
304KB
-
MD5
bc3b825872e371ba9a7eb6df5921dd33
-
SHA1
98a7df4ca2ddc14c28bf8bf4bcab79fdf2a088d0
-
SHA256
1a1dc33fae444afdd54f6f50dd47ed4b9f673fbc5595dad7b48e78cac0458465
-
SHA512
60e86491814216e4db4ea6f9f2d2ef83a2a39828511c6d6b6570be086de52826e5ed41d145377826eb26000a2144db61dd60d76cb964cd39af3d0a10be2910f3
-
SSDEEP
3072:oO81elGlBalZgxcDTa/b6vgcDhJNBqOAxx4naobZWDGbJQxSdrPf3aNQ:HElBhxaGyFhJNBqNxWayrbJQxwr
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-