General
-
Target
6e2dda5f69be9c9e2a02e4d020909b20b37014795a402d132efb8493f49c2dcd
-
Size
131KB
-
Sample
221003-bhck2sbehl
-
MD5
67fec0765013571257a6e83cb087a9e0
-
SHA1
189920e18c2140e6706311fdfcb9540919a8f74f
-
SHA256
6e2dda5f69be9c9e2a02e4d020909b20b37014795a402d132efb8493f49c2dcd
-
SHA512
ba4945a8322d1a0a1f2e9219fdad42ba2b0251f97aaa40551ec179c2706a1dd3c96f25df43ae66b73e4dae36471548c83436ab5ce980b996e5757f90fb8bc932
-
SSDEEP
3072:VX2aRVm6rH9+uGAJfIX0MaR27PPyUJBXX2z:Awm6pFGAJgsRcPyG2z
Static task
static1
Behavioral task
behavioral1
Sample
6e2dda5f69be9c9e2a02e4d020909b20b37014795a402d132efb8493f49c2dcd.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6e2dda5f69be9c9e2a02e4d020909b20b37014795a402d132efb8493f49c2dcd.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://vulcantire.net/forum/viewtopic.php
http://westautorepair.com/forum/viewtopic.php
-
payload_url
http://workingschool.dk/ix3NbS2.exe
http://briteplc.com/1K6CsgNN.exe
http://rigbers.de/RCKcJp.exe
Targets
Target
6e2dda5f69be9c9e2a02e4d020909b20b37014795a402d132efb8493f49c2dcd
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.