General
-
Target
c090c67c80d0c7dcb403304899bba659a6cb100e77bf0f275983c68d918a8ddc
-
Size
113KB
-
Sample
221108-1nmewabhhl
-
MD5
0b2f0603be182c7e6708b6b9f3f154e9
-
SHA1
76643be9cd0db68b712f79bf9bd09a0439a07a9e
-
SHA256
c090c67c80d0c7dcb403304899bba659a6cb100e77bf0f275983c68d918a8ddc
-
SHA512
49b1d1daaff46359610e7305a037f58a2acf88f6dcd472285d18b50d5290c5bdf7fd58543514f5309417fa892acafd7f0e45fbccbaf23357bd58d1696c28cfd5
-
SSDEEP
3072:wpp4thNQ5PZgnBrpVHwwvUjiw4wgaiX9w+HBfs5z:Fw5PuVHw3n4wgbW+d
Static task
static1
Behavioral task
behavioral1
Sample
c090c67c80d0c7dcb403304899bba659a6cb100e77bf0f275983c68d918a8ddc.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c090c67c80d0c7dcb403304899bba659a6cb100e77bf0f275983c68d918a8ddc.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
pony
http://mcontrerasrealty.com/forum/viewtopic.php
http://e-babybooks.com/forum/viewtopic.php
http://forever-portraits.com/forum/viewtopic.php
http://itconsultantsdenver.com/forum/viewtopic.php
-
payload_url
http://EZGOLFLESSONS.COM/LsM9.exe
http://scambio.meloni.it/di7Uag.exe
http://www.agtradingsystems.it/dpZkBuRk.exe
Targets
-
-
Target
c090c67c80d0c7dcb403304899bba659a6cb100e77bf0f275983c68d918a8ddc
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-