General
-
Target
f7342e59f2dd9dfe40927f591676642098c364ccf092a597a99c38277775dc2f
-
Size
129KB
-
Sample
221001-1wth6aaehj
-
MD5
6c078587c37fa611bd3474383ea67aa0
-
SHA1
8ad5e7ad7d649b0437f82bffefee856f636e220e
-
SHA256
f7342e59f2dd9dfe40927f591676642098c364ccf092a597a99c38277775dc2f
-
SHA512
170a6062b76d6f842b70c7e2d237f2bc554147eebf005dbb568ac88c140a1dd48c153792c80318da86529d7917427e97086942f0e84a4b9664d5129219efdf41
-
SSDEEP
1536:XHnIytL4Q+26ZPAKj7+/MHApyWngQjEffMtkO5ndSIqRUXQmVCVPtygoJ:XHM26EUxWngQyf8kO5dGUXQmIV0
Static task
static1
Behavioral task
behavioral1
Sample
f7342e59f2dd9dfe40927f591676642098c364ccf092a597a99c38277775dc2f.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
f7342e59f2dd9dfe40927f591676642098c364ccf092a597a99c38277775dc2f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://116.122.158.195:8080/forum/viewtopic.php
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://9602iridium.com/forum/viewtopic.php
http://9602sbd.com/forum/viewtopic.php
-
payload_url
http://s408353824.websitehome.co.uk/EvG9mKbC.exe
http://033d140.netsolhost.com/LQt1rm3.exe
http://64.37.123.85/30p0.exe
Targets
Target
f7342e59f2dd9dfe40927f591676642098c364ccf092a597a99c38277775dc2f
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-