General
-
Target
f82c0950f8100dd2f7aecd293b1e147346a161f86d10ffa5ece2c9774938989f
-
Size
130KB
-
Sample
221001-1wn9fahbh8
-
MD5
615b4b20a9418e619804f3f91d9e5ea0
-
SHA1
fe23e6157be0dc1bf877bdc05a2e6ef46459ea0c
-
SHA256
f82c0950f8100dd2f7aecd293b1e147346a161f86d10ffa5ece2c9774938989f
-
SHA512
ce6021dcef5a3bf78a351f4bc5ac662b8e74300e7a08c4655512333796255eeb6a713fda41a089351898f1a915ea1f7456c6ccdef7968fe896fbe4ce72fa724d
-
SSDEEP
3072:hGRar3ge1gbsGJPeT2tzgV9uhnht79AIwJrGm8LYuLu4:0cjge1gZJmyZq9a9BwJP8LYu
Static task
static1
Behavioral task
behavioral1
Sample
f82c0950f8100dd2f7aecd293b1e147346a161f86d10ffa5ece2c9774938989f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f82c0950f8100dd2f7aecd293b1e147346a161f86d10ffa5ece2c9774938989f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://116.122.158.195:8080/forum/viewtopic.php
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://9602iridium.com/forum/viewtopic.php
http://9602sbd.com/forum/viewtopic.php
-
payload_url
http://futuresiouxfalls.com/52iKa.exe
http://thirdangelmessage.com/nHKvBF9k.exe
http://pmengineering.planetstudioweb.com/PqXbzgCk.exe
http://worldcompass.info/Xhm4XsAL.exe
Targets
-
-
Target
f82c0950f8100dd2f7aecd293b1e147346a161f86d10ffa5ece2c9774938989f
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-