General
-
Target
2318a5ae7b138d1957dc966a4120e156a0464f14523b709313d60a2e43f82e1d
-
Size
133KB
-
Sample
221001-2yfkrabad9
-
MD5
7067a99c136b8d46b8e23cbfb311a560
-
SHA1
933a7a68d3ed8d4cc750b22115372becfdb3c976
-
SHA256
2318a5ae7b138d1957dc966a4120e156a0464f14523b709313d60a2e43f82e1d
-
SHA512
598b139797a3678d587ac6bb224ab773e604d5556e499cee75b34a967afcd9fc375d687ad56ad4c18b62e1e0692715ac19cf4e2ad1092b0bba8084fed0580649
-
SSDEEP
3072:mBCCFiXhS7gMm1L2RC7K6DGIIZilhR2Qvwv/DB4rFAlRZ37:BQg+Q7jGIIFksB4rO17
Static task
static1
Behavioral task
behavioral1
Sample
2318a5ae7b138d1957dc966a4120e156a0464f14523b709313d60a2e43f82e1d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2318a5ae7b138d1957dc966a4120e156a0464f14523b709313d60a2e43f82e1d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://prosbarandgrill.com/forum/viewtopic.php
http://rap-mobility.com/forum/viewtopic.php
-
payload_url
http://ida-institut.de/46T.exe
http://shineuniversal.net/edFQBwug.exe
http://great-hotel-rates.com/DkhZ9.exe
Targets
-
-
Target
2318a5ae7b138d1957dc966a4120e156a0464f14523b709313d60a2e43f82e1d
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-