General
Target: d992052bc0a17cdc11548f5e9a3cac35
Size: 148KB
Sample: 240320-xpbszsgb62
MD5: d992052bc0a17cdc11548f5e9a3cac35
SHA1: aba1c8dd6b8b779181877e425dc0e1c0521164ad
SHA256: 40e16c956395384ab16a69cfb3301b1243e74296ce7fc470452b638237f84c79
SHA512: 1edcc4279e7e45730f4e0ec621fd3fc54f124e8d5ece5d7380cb2daf910aa4ce64d29fbb55d191ffb36468a1a1617644f25647f46c866680bb79039913cbb5a4
SSDEEP: 3072:TRGhteI4uTJNGeGbsh5a03zwn9XqSnNZ/8mL2FbMM:TRGhyuDGe33zU9XqSNeG2IM
Static task: static1
Behavioral task: behavioral1
Sample: d992052bc0a17cdc11548f5e9a3cac35.exe
Resource: win7-20240221-en
Malware Config
Extracted: pony
  http://199.71.212.114/forum/viewtopic.php
  http://198.74.51.164/forum/viewtopic.php
payload_url:
  http://3073.a.hostable.me/Z2U.exe
  http://85.18.21.252/PNV3Hbi.exe
Targets
Target: d992052bc0a17cdc11548f5e9a3cac35
Size: 148KB
MD5: d992052bc0a17cdc11548f5e9a3cac35
SHA1: aba1c8dd6b8b779181877e425dc0e1c0521164ad
SHA256: 40e16c956395384ab16a69cfb3301b1243e74296ce7fc470452b638237f84c79
SHA512: 1edcc4279e7e45730f4e0ec621fd3fc54f124e8d5ece5d7380cb2daf910aa4ce64d29fbb55d191ffb36468a1a1617644f25647f46c866680bb79039913cbb5a4
SSDEEP: 3072:TRGhteI4uTJNGeGbsh5a03zwn9XqSnNZ/8mL2FbMM:TRGhyuDGe33zU9XqSNeG2IM
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext