General
-
Target
c6e3c010c1d5d3fbb8ec9cbece3683c54a52180cad7b4a8096ba3151df6f7567
-
Size
126KB
-
Sample
221108-1jvkpabgbr
-
MD5
0fc5ebc5f14330897da0494824e2d45e
-
SHA1
425c9273f149be285ca843a48e553406b574c71e
-
SHA256
c6e3c010c1d5d3fbb8ec9cbece3683c54a52180cad7b4a8096ba3151df6f7567
-
SHA512
b34a28ea20091c24385ba58f52e72a954738b85753a6258a7f7d78525b7628d4fdc07bafc776f2c1414b22c23dec03838bfda9b57b04fedfc88f9d38e93c64b1
-
SSDEEP
3072:StCCSYEEbzwt130cAiVqqgmUXX0ZUVB8WDCa:SYu0t130cAiVqqjU8WP
Static task
static1
Behavioral task
behavioral1
Sample
c6e3c010c1d5d3fbb8ec9cbece3683c54a52180cad7b4a8096ba3151df6f7567.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
c6e3c010c1d5d3fbb8ec9cbece3683c54a52180cad7b4a8096ba3151df6f7567.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://116.122.158.195:8080/forum/viewtopic.php
http://lifestylebonita.com/forum/viewtopic.php
http://lifestyleestero.com/forum/viewtopic.php
-
payload_url
http://lccc-positive-impact.org/yd1.exe
http://dlacton.com/bvNbG.exe
http://mgfinancialplanning.co.uk/AnExiEQs.exe
http://job.intabo.cz/rqs.exe
Targets
-
Target
c6e3c010c1d5d3fbb8ec9cbece3683c54a52180cad7b4a8096ba3151df6f7567
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-