General
Target: e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76
Size: 110KB
Sample: 221119-g2rrzage36
MD5: 2790eacdbdc1091212a81a161f3dca80
SHA1: 7c92c6f92e0ce0c044cbed4473071cc3e95277ca
SHA256: e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76
SHA512: fb44f29b43e2ef9bee44c2be40339c698db5c159d00028d63bed4d79c2114973138b03c6191ea75010a98c523a46918ccc920888819f904cedb7ec8e7eec440a
SSDEEP: 3072:DONrZMTzWU24zYH0tbgzXeVrN4h5kYZpQT:qFMvW3Yb6E+TnUT
Static task: static1
Behavioral task: behavioral1
Sample: e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76.exe
Resource: win7-20221111-en
Malware Config
Extracted
pony
http://louievozza.com/forum/viewtopic.php
http://louvozza.com/forum/viewtopic.php
http://lv-contracting.com/forum/viewtopic.php
http://lvconcordecontracting.com/forum/viewtopic.php
payload_url
http://akroncantonhalloween.com/ydTQ.exe
http://www.gungeartogo.socialpacific.com/z3X.exe
http://66.71.156.136/GFY2.exe
http://bouncebackonline.com/a69qu.exe
Targets
Target: e1b64283f9549fc6d4a2b96411ba98cbb74bc8ebf037a91c42b08eb2d2af0f76
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.