General
Target: 9f406016ab8faa2cf00bfb37ce4a04f31c49dae80b8321d8cdec351b52a6abc0
Size: 113KB
Sample: 221003-a88kqsbbgk
MD5: 6502ee541ed8a4a4343ad85b6f88d871
SHA1: 7e8b6274d9add65805aa6ed075983737f11ed4e1
SHA256: 9f406016ab8faa2cf00bfb37ce4a04f31c49dae80b8321d8cdec351b52a6abc0
SHA512: 278e3dd2ee85040a94b6f8cf904cab8e2ebc1478251590684b7d089ec775f6183054aab2c6b234a7f205986e8aca5f9835e51d61586087261322dddfc334e6f1
SSDEEP: 3072:crNlKNds57u7oqWHgsRZei9ZPRfBdgQUFml4kw/Gdv2Q0r+F:cr+NdWtqWP3ZqQl4X/0v10
Static task: static1
Behavioral task: behavioral1
  Sample: 9f406016ab8faa2cf00bfb37ce4a04f31c49dae80b8321d8cdec351b52a6abc0.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 9f406016ab8faa2cf00bfb37ce4a04f31c49dae80b8321d8cdec351b52a6abc0.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: pony
  http://pacificcontractsources.com/ponyb/gate.php
  http://50shadesofshades.com/ponyb/gate.php
  http://50shadesofsunshades.com/ponyb/gate.php
  http://800fragrances.com/ponyb/gate.php
payload_url:
  http://ebaa.daa.jp/A8HFWqy.exe
  http://fanpageserver.info/PhFJ.exe
  http://hakata-ekimae.biz/YyJYqg.exe
  http://www.twr.it/dW68EAqa.exe
Targets
Target: 9f406016ab8faa2cf00bfb37ce4a04f31c49dae80b8321d8cdec351b52a6abc0
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.