General
- Target: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc
- Size: 120KB
- Sample: 221108-14c65scgaj
- MD5: 0171caeb8beef70f9916228e0112f150
- SHA1: c8b5dbfc4038dbadeb766573a9259ca20d164449
- SHA256: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc
- SHA512: 32c92e4527f75cd5189cdbcd1f89e64a67b8ae35a5593ae3e50656fedc00cf2c77f628bb1b696285d21d8734c77fb426b374fa63ff5ed64a412bd8c67613c768
- SSDEEP: 3072:O/pbO4QCFal3QHIfYdy9mFbbvhvOlC266iS/Ab4paCKOvN:mJuCA3QofY0oJz5O1Zibb46OvN
Static task
- static1

Behavioral task
- behavioral1
  - Sample: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc.exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- pony
  - http://eguttersupply.com/ponys/gate.php
  - http://filterflowgutterguard.com/ponys/gate.php
  - http://guttersupply.mobi/ponys/gate.php
  - http://iguttersupply.com/ponys/gate.php
- payload_url
  - http://privatesavings.ca/CN9jpGK.exe
  - http://spireportal.net/MYWJg.exe
  - http://ftp.myfxpips.com/RwZy.exe
  - http://weimarenterprises.com/n4t43ZqX.exe
Targets
- Target: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc
  - Size: 120KB
  - MD5: 0171caeb8beef70f9916228e0112f150
  - SHA1: c8b5dbfc4038dbadeb766573a9259ca20d164449
  - SHA256: a9ae03503255e74267f1986b3145f43eb1faaa14c8b38bbc2a826d7fbab851dc
  - SHA512: 32c92e4527f75cd5189cdbcd1f89e64a67b8ae35a5593ae3e50656fedc00cf2c77f628bb1b696285d21d8734c77fb426b374fa63ff5ed64a412bd8c67613c768
  - SSDEEP: 3072:O/pbO4QCFal3QHIfYdy9mFbbvhvOlC266iS/Ab4paCKOvN:mJuCA3QofY0oJz5O1Zibb46OvN
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.