General
-
Target
fa18244202716f1f37c3e11e5dcc1496f3b39731543bc4c12b93fb0b4a56f5f8
-
Size
120KB
-
Sample
221002-m5t96acce4
-
MD5
4df2ed0e5fa5b8d95407abaf3ff27170
-
SHA1
aae53eab5ecba45c0181c5fabda609bea13af534
-
SHA256
fa18244202716f1f37c3e11e5dcc1496f3b39731543bc4c12b93fb0b4a56f5f8
-
SHA512
5a688ee50f1bb682565da6daf3b711676817c80d14cbac66df4a8c7c5d49cddc13370287116c1716cadd0a5a7448c0e92da99a436f9d6e98e3ca32cbd7093c0c
-
SSDEEP
3072:Rpqaj4jHXr4qfgbQkvyLGO93fAkhyQOE:DCHXjfgblvyCZkhyQh
Static task
static1
Behavioral task
behavioral1
Sample
fa18244202716f1f37c3e11e5dcc1496f3b39731543bc4c12b93fb0b4a56f5f8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fa18244202716f1f37c3e11e5dcc1496f3b39731543bc4c12b93fb0b4a56f5f8.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://forum.xcpus.com:8080/forum/viewtopic.php
http://bryanmattimore.net/forum/viewtopic.php
http://garyfraser.net/forum/viewtopic.php
http://garyrfraser.com/forum/viewtopic.php
-
payload_url
http://www.assibia.it/RQy.exe
http://033d140.netsolhost.com/1HH87e.exe
http://metrologico.gr/4EzYve.exe
http://colinwud.com/KsX.exe
Targets
-
-
Target
fa18244202716f1f37c3e11e5dcc1496f3b39731543bc4c12b93fb0b4a56f5f8
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-