General
- Target: da689860f1cda970dc761ec35abe58b1
- Size: 128KB
- Sample: 240321-cg8grsac9t
- MD5: da689860f1cda970dc761ec35abe58b1
- SHA1: 128b10c229ef035250640e13e3b9468bb150fa2d
- SHA256: 008bc8ffc634432b9f9fff419eb7fcf0bf0688de60649b1882b152fc61dc71e0
- SHA512: af874a0039023353a0bfcb301901784b2a7eda1fc7dd3172bcf5d7f967d4e631362cafb6071f67ddb58822e1bf4041445cf2d3eab1adf1841b6da1bde2347ce1
- SSDEEP: 3072:uGHi6mw2uRP5oNRw6BxqzF4tKzLoxqDHyJVPhwcj:+Ru74Rw6B3tKz0qDHyfPhf
Static task: static1
Behavioral task: behavioral1
- Sample: da689860f1cda970dc761ec35abe58b1.exe
- Resource: win7-20240221-en
Malware Config
Extracted: pony
- http://67.215.225.205:8080/forum/viewtopic.php
- http://69.194.193.134/forum/viewtopic.php
- payload_url:
  - http://jenisegreggcouture.com/i3AnbAV.exe
  - http://gelerter.com/x1AZobA.exe
  - http://www.northeasttreeremoval.com/VDYHGMfH.exe
Targets
- Target: da689860f1cda970dc761ec35abe58b1 (same sample and hashes as listed under General)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext