General
- Target: 525904d29af7261c471b7a2b89b3697e035cafb0c7e04dadebc07af00c6ca45f
- Size: 124KB
- Sample: 221003-bm7xrabggr
- MD5: 572656bcaf7b4eb052ca549731992578
- SHA1: da4662c2518c24a9bff6792a28ae132b6f038a3c
- SHA256: 525904d29af7261c471b7a2b89b3697e035cafb0c7e04dadebc07af00c6ca45f
- SHA512: 1b4a16a792f05896ceafa6e45e1f283caf78d78cc61df58ec9739142f3e99692266df3c8dc353d9dfa9461db64157e9a2d87095f684d88de41b0ba0876239ae8
- SSDEEP: 3072:9eIa4bB2+4fGdQSJ7TMDz0MURvCN2eV3INrm:sIfBD4+dRFQ1Ut+VYrm
Static task
- static1
Behavioral task
- behavioral1
- Sample: 525904d29af7261c471b7a2b89b3697e035cafb0c7e04dadebc07af00c6ca45f.exe
- Resource: win7-20220812-en
Behavioral task
- behavioral2
- Sample: 525904d29af7261c471b7a2b89b3697e035cafb0c7e04dadebc07af00c6ca45f.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- pony
  - http://talentos.clicken1.com:81/ponyb/gate.php
  - http://panama.clicken1.com:81/ponyb/gate.php
  - http://monteazul.clicken1.com:81/ponyb/gate.php
  - http://199.168.184.198:81/ponyb/gate.php
- payload_url
  - http://schornsteinfeger-helmste.de/ja8GCJ.exe
  - http://ebaa.daa.jp/PePbz1e.exe
  - http://ftp.paradetrade.com/RkGndP.exe
  - http://justcarepodiatry.com/ZZFh.exe
Targets
- Target: 525904d29af7261c471b7a2b89b3697e035cafb0c7e04dadebc07af00c6ca45f
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.