General
- Target: 9b009661045ff096be3dca7bbb011fa7
- Size: 907KB
- Sample: 240214-hamvdabe4z
- MD5: 9b009661045ff096be3dca7bbb011fa7
- SHA1: 00cc3c01ce1a7d388f38974be703952d37ca054b
- SHA256: bfe85b846350851dd4f83dfed498ae60f85d4129329c24d831567609c8ab553e
- SHA512: 646402a998c5b34c727aa7158e056a1ce5f550874ba54564ed307c48866ed03031f287ad477ebeda47086af4ba63f884320186529c7f3fd0ac9d04948d05e978
- SSDEEP: 24576:VynVxDKBr1HugeYoNgaxvRM+O61nRlUUvqlqma4y24SCHevZr5In+++++++++++m:VqtMpuXXvRkuRCUvqlqma4y24SCHevZm
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9b009661045ff096be3dca7bbb011fa7.exe
  - Resource: win7-20231215-en
Behavioral task
- behavioral2
  - Sample: 9b009661045ff096be3dca7bbb011fa7.exe
  - Resource: win10v2004-20231215-en
Malware Config
Extracted
pony
https://www.bullseyecx.com.au/wp-admin/netflix/panel/gate.php
Targets
- ISR Stealer: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
- ISR Stealer payload
- NirSoft MailPassView: Password recovery tool for various email clients
- Nirsoft
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext