General
Target: df62e263583275ce9be88501838a415c0174cbb8d4b0d31d21c85289d1afe7f5
Size: 131KB
Sample: 221003-aw8d7shbd2
MD5: 6c129a2309018076359921c0cb56e380
SHA1: 4925c0a485b586e618967f87a63c41a147b4a68d
SHA256: df62e263583275ce9be88501838a415c0174cbb8d4b0d31d21c85289d1afe7f5
SHA512: b827f9cfe9e5367eb1ecf0042afa85a8642da89535a04aa357c1bc98ea51a28af1a156926eed19504fcd432dc75f7f49313226103d8194c78c6447b4994f47a5
SSDEEP: 3072:8piG3QVXysrerBVldvy44uXdrl27xs8N0/O7Ad:kID0BwadR268N0vd
Static task: static1
Behavioral task: behavioral1
Sample: df62e263583275ce9be88501838a415c0174cbb8d4b0d31d21c85289d1afe7f5.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: df62e263583275ce9be88501838a415c0174cbb8d4b0d31d21c85289d1afe7f5.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://hurricaneshuttersrebate.com/forum/viewtopic.php
http://hurricanestormsavings.com/forum/viewtopic.php
payload_url
http://www.boehme-paderborn.de/DJY.exe
http://jumpsuit.se/bXQc0je.exe
http://taxi-katakolo.com/QjaKcE.exe
Targets
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.