General
-
Target
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b
-
Size
114KB
-
Sample
221002-qpsceaggb5
-
MD5
4b1601b1061d50814657de774a88abc0
-
SHA1
ed8afeb0988d33f7c2371b11033a89c31121d521
-
SHA256
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b
-
SHA512
1e9c9a4cd9d8baa62bdc24fce5d6a3e5f2abb52edbf74d3a0db034c9a6f7447b5aaf073cf223cea21d2c32b92f7a7499c840fcf3e7f3ada4a3b95c677858e886
-
SSDEEP
3072:zGPO6ZSo4e1Y5Dgxp1nAt4wuRdPf8zRrU6JCS4Ks62aw1vDUEN7:3l5Dcp1AbUdPf8zRrnJjwZn7
Static task
static1
Behavioral task
behavioral1
Sample
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://findmynewschool.com/ponyb/gate.php
http://trippling.com/ponyb/gate.php
http://beachfrontconcierge.com/ponyb/gate.php
http://dinneraffairs.com/ponyb/gate.php
-
payload_url
http://gaiahpl.com/QQuAzs.exe
http://kandu.de/7qW5tXSm.exe
http://s252653471.onlinehome.us/SPJYZe.exe
Targets
-
-
Target
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b
-
Size
114KB
-
MD5
4b1601b1061d50814657de774a88abc0
-
SHA1
ed8afeb0988d33f7c2371b11033a89c31121d521
-
SHA256
5a7e52bc92be9572c834f8e69cfbb89edbd798b954c348037ff116c6bbd3315b
-
SHA512
1e9c9a4cd9d8baa62bdc24fce5d6a3e5f2abb52edbf74d3a0db034c9a6f7447b5aaf073cf223cea21d2c32b92f7a7499c840fcf3e7f3ada4a3b95c677858e886
-
SSDEEP
3072:zGPO6ZSo4e1Y5Dgxp1nAt4wuRdPf8zRrU6JCS4Ks62aw1vDUEN7:3l5Dcp1AbUdPf8zRrnJjwZn7
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-