General
Target: ce5dfa3bce47ee46de3f6f561bbae91720a224cce429c805bd86418197ffd78e
Size: 134KB
Sample: 221002-pekddaeed4
MD5: 49e9c72c453dc0af578213d317ec6d10
SHA1: 700bbd0de2c608939afc849eab991f12a16a2db5
SHA256: ce5dfa3bce47ee46de3f6f561bbae91720a224cce429c805bd86418197ffd78e
SHA512: 6140cab1079208f434f101e3a89da1956358682ff03a7710982025f4d75af86dba7c3d329a55d1b8430b95b37988e7fd1fe9928952e621d28f64cdd0a67cf08c
SSDEEP: 1536:ZDCzR+DpMyQJbb5bvVNhTVxRLceT8trA/7IyKXLXNO4us/dn7qB/k9B1XBZtAeej:ZDd+lRLZT8tO8/LXEsFn7q+J3egY
Static task: static1

Behavioral task: behavioral1
Sample: ce5dfa3bce47ee46de3f6f561bbae91720a224cce429c805bd86418197ffd78e.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: ce5dfa3bce47ee46de3f6f561bbae91720a224cce429c805bd86418197ffd78e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: pony

C2 URLs:
http://116.122.158.195:8080/forum/viewtopic.php
http://talentos.clicken1.com:81/forum/viewtopic.php
http://panama.clicken1.com:81/forum/viewtopic.php
http://monteazul.clicken1.com:81/forum/viewtopic.php

payload_url:
http://kartoteka-tbns.com.pl/163w.exe
http://www.anro-invest.de/Rmx6.exe
http://61.64.96.64/J92.exe
Targets
Target: ce5dfa3bce47ee46de3f6f561bbae91720a224cce429c805bd86418197ffd78e
Signatures:
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.