General
-
Target
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8
-
Size
121KB
-
Sample
221003-baxk9ahgd6
-
MD5
6d275279e9f31d9873f71773e23bf4d0
-
SHA1
7c9ae708b7cb1063b2b5ff13db98dc29a6da4c25
-
SHA256
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8
-
SHA512
b1532386ba4f4fea25c4565f9663ae5e7bf3256d4ee7c74f8b799c9f294a167f3bce26024a24bc3c1354bc3d8725be167030499e8629d7ef91dcf378f5097682
-
SSDEEP
1536:1IAgBUh/dC62HicSj6RQuAt2KVgKTrcv2DDDz2Hik//tS55S3Zo6enfQdtTm:1qClC62CczEgacvCDz2Hf9STSpot2g
Static task
static1
Behavioral task
behavioral1
Sample
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://aapros.org/forum/viewtopic.php
http://automaintenancegreeley.com/forum/viewtopic.php
http://autorepairevans.com/forum/viewtopic.php
-
payload_url
http://ftp.bluemoon.eu/byuk.exe
http://EZGOLFLESSONS.COM/Z50uke.exe
http://198.170.76.118/nMzEc0.exe
Targets
-
-
Target
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8
-
Size
121KB
-
MD5
6d275279e9f31d9873f71773e23bf4d0
-
SHA1
7c9ae708b7cb1063b2b5ff13db98dc29a6da4c25
-
SHA256
971cddc72c1aabe9dd24c9a803c978763e932d16d172227c700d362676a141c8
-
SHA512
b1532386ba4f4fea25c4565f9663ae5e7bf3256d4ee7c74f8b799c9f294a167f3bce26024a24bc3c1354bc3d8725be167030499e8629d7ef91dcf378f5097682
-
SSDEEP
1536:1IAgBUh/dC62HicSj6RQuAt2KVgKTrcv2DDDz2Hik//tS55S3Zo6enfQdtTm:1qClC62CczEgacvCDz2Hf9STSpot2g
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-