General
Target: d8f2134b2c7e77178bd616e4a314f3a2
Size: 147KB
Sample: 240320-q2accshg72
MD5: d8f2134b2c7e77178bd616e4a314f3a2
SHA1: da1f496cc7a8d4ec79b82f7f7bd66f66eb23b12a
SHA256: 9a49e92bac2b89082d2c8d0d2ee7b7accd861c6524b5d44eceb87ca526ee02cf
SHA512: d5d518b5f79a0a6f91723bbc5c50defaa7cdc37f726045a3ef731685c44acf8332c613d1566133ff2e869d587ad064a76702bdbb56e31938dffc98f4b6d62cb1
SSDEEP: 3072:z5Rfr1ZZpFhVpnzaGXnCbwJepw71s6moLfXyvS5Dl:z5tr5BVFzxVJe5DvS5D

Static task: static1
Behavioral task: behavioral1
Sample: d8f2134b2c7e77178bd616e4a314f3a2.exe
Resource: win7-20240221-en
Malware Config
Extracted: pony
  http://sam-latrilogie.com:8080/pony/gate.php
  http://loceanic.fr:8080/pony/gate.php
payload_url:
  http://alcaponecigarillos.com/RdKtpaU.exe
  http://smartchoicesites.com/zdDFRHWT.exe
  http://www.cuboderoda.com.br/vPhQ.exe
Targets
Target: d8f2134b2c7e77178bd616e4a314f3a2
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext