General
-
Target
c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520
-
Size
136KB
-
Sample
221108-1nfx4abhgm
-
MD5
0d49f5cacf7b65a277c392c9342e4170
-
SHA1
d1e04d5ca3e6418571a54d7ad4dc41594ad06d5b
-
SHA256
c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520
-
SHA512
094f4526a1e8a87deac8452269148cd486f8a39f2a1bd7b49fe0795f4710332e7d0fbeeafda44ea17a93b9234d3a8ca3ab73335a829aeaac0268ed7de1ffdb33
-
SSDEEP
3072:9MhsxvhtT8Nl/It8x2RuipNKIYEWNrrOTB:9QsrtWl/UdpNKIYVvOT
Static task
static1
Behavioral task
behavioral1
Sample
c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
pony
http://190.81.149.106:8080/forum/viewtopic.php
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://laserliposolution.com/forum/viewtopic.php
http://laserlipotight.com/forum/viewtopic.php
-
payload_url
http://marklawllc.com/b80X2TVz.exe
http://173.192.39.2/VqeF3.exe
http://vogel-modellbau.de/VWb0y.exe
Targets
-
-
Target
c0c6bb78e520b096bbdc606deb3f6476d2df29a982cc4efabc899a81b819c520
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-