General
Target: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
Size: 129 KB
Sample: 221119-gvtmzscd3t
MD5: 418280a69f4f9f7363dbd400d1531270
SHA1: 83f5adf3852f8d89853be01c5c314c210035dd20
SHA256: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0
SHA512: 378aa0c26c3ed3e44e947a7b83cd336b5bb243b5177e49b0604aeba5977bf76dfa41d3efa41003baf713576632a96bef01e0fdcdbe2d7102ec19dbe4f1c7ce92
SSDEEP: 1536:XR+mzRKklUFgYnNXopHZNk+itc5Vcg+vgV1K+ucUgewhj+kilpKncMNfmVejEvwr:XoIENzcjfK+9UWjt2Yncq6E1j/
Static task: static1
Behavioral task: behavioral1
  Sample: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: pony
C2 gate URLs (listed without a key in the extraction; these are the endpoints the stealer reports to):
- http://mail.yaklasim.com:8080/forum/viewtopic.php
- http://116.122.158.195:8080/forum/viewtopic.php
- http://snorerxcouponcode.org/forum/viewtopic.php
- http://snorerxreviews.info/forum/viewtopic.php
payload_url (secondary executables the sample is configured to fetch):
- http://metrologico.gr/oDrSGj.exe
- http://www.whyabout.com/1LNJ8PMt.exe
- http://repro2go.com/QLQ5kL8.exe
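The URLs in the extracted config are the sample's network indicators. The script below is an added example, not part of the sandbox report: it normalises those URLs (default port, host case) and matches them against web-proxy log lines, reporting an exact URL hit or, as a weaker signal, any request to the same host:port. The log line format and the log lines themselves are constructed for illustration.

```python
"""Match web-proxy log lines against the Pony C2 and payload URLs that the
sandbox extracted from this sample.  Added example, not part of the report;
the log lines below are constructed for illustration."""
from urllib.parse import urlsplit

# Indicators copied from the "Malware Config" section of the report.
C2_URLS = [
    "http://mail.yaklasim.com:8080/forum/viewtopic.php",
    "http://116.122.158.195:8080/forum/viewtopic.php",
    "http://snorerxcouponcode.org/forum/viewtopic.php",
    "http://snorerxreviews.info/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://metrologico.gr/oDrSGj.exe",
    "http://www.whyabout.com/1LNJ8PMt.exe",
    "http://repro2go.com/QLQ5kL8.exe",
]


def normalize(url):
    """Return (host, port, path) with the scheme's default port filled in and
    the host lower-cased, so a config string and a logged URL compare equal
    even when one omits ':80' or uses a different letter case."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    if not parts.hostname:
        raise ValueError("no host in %r" % url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port, parts.path or "/"


# Exact (host, port, path) index, plus a weaker host:port-only index that
# catches other requests to the same C2 or payload server.
EXACT_INDEX = {normalize(u): "pony_c2" for u in C2_URLS}
EXACT_INDEX.update({normalize(u): "pony_payload" for u in PAYLOAD_URLS})
HOST_INDEX = {(h, p): label for (h, p, _path), label in EXACT_INDEX.items()}


def classify(log_line):
    """Classify one proxy log line of the constructed form
    '<epoch> <client_ip> <method> <url> <status>'.
    Returns (label, 'exact' | 'host') or None when nothing matches."""
    fields = log_line.split()
    if len(fields) < 5:
        return None
    try:
        host, port, path = normalize(fields[3])
    except ValueError:
        return None
    if (host, port, path) in EXACT_INDEX:
        return EXACT_INDEX[(host, port, path)], "exact"
    if (host, port) in HOST_INDEX:
        return HOST_INDEX[(host, port)], "host"
    return None


def scan(lines):
    """Return (client_ip, url, label, kind) for every matching line."""
    hits = []
    for line in lines:
        hit = classify(line)
        if hit:
            fields = line.split()
            hits.append((fields[1], fields[3], hit[0], hit[1]))
    return hits


# Constructed proxy log lines (not from the report).
SAMPLE_LOG = [
    "1668800001 10.0.0.12 POST http://mail.yaklasim.com:8080/forum/viewtopic.php 200",
    "1668800002 10.0.0.12 GET http://METROLOGICO.GR/oDrSGj.exe 200",
    "1668800003 10.0.0.15 GET http://116.122.158.195:8080/forum/index.php 404",
    "1668800004 10.0.0.20 GET http://example.com/ 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("%-10s %-60s %s (%s)" % hit)
```

A host-only hit on the C2 servers is worth triaging but not conclusive: `mail.yaklasim.com` and the other two domains look like compromised legitimate sites serving the gate script alongside ordinary content, so block the full URL and alert on the host rather than blocking the host outright without checking.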
Targets
Target: f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0 (129 KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
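The two behaviours above (Uninstall-key enumeration and Outlook profile access) are each unremarkable on their own, since installers and Outlook itself touch those keys; together in one unsigned process they are the stealer's footprint. The script below is an added example, not from the report: it correlates registry accesses per process and flags only processes that show both behaviours. The event lines are constructed in the shape of a sandbox API trace (pid, image, API, key); the Uninstall key path is the standard one, while the Outlook profile key paths are assumed representative locations, as the report only names the behaviour.

```python
"""Correlate registry accesses per process to flag the two behaviours the
report lists together: enumerating installed software under the Uninstall
key and reading Outlook profile keys.  Added example, not from the report.
Event lines are constructed in the shape of a sandbox API trace
(pid, image, API, registry key); the Outlook profile key paths are assumed
representative locations."""
import re
from collections import defaultdict

# Behaviour -> pattern over the normalised (upper-case, short-hive) key path.
BEHAVIOURS = {
    "enumerates_installed_software": re.compile(
        r"^HKLM\\SOFTWARE\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\"),
    # Assumed Outlook profile locations: Office 2013+ keeps profiles under
    # Office\<ver>\Outlook\Profiles, older versions under the Windows
    # Messaging Subsystem key.
    "reads_outlook_profiles": re.compile(
        r"^HKCU\\SOFTWARE\\MICROSOFT\\(OFFICE\\\d+\.\d+\\OUTLOOK\\PROFILES|"
        r"WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES)\\"),
}
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def normalize_key(key):
    """Upper-case the path, shorten hive names, and fold HKU\\<SID>\\ (how
    per-user keys appear when logged system-wide) into HKCU\\."""
    k = key.upper()
    for long, short in HIVE_ALIASES.items():
        if k.startswith(long + "\\"):
            k = short + k[len(long):]
    k = re.sub(r"^HKU\\S-1-5-21(?:-\d+)+\\", r"HKCU\\", k)
    return k


def parse_event(line):
    """Split one tab-separated trace line into (pid, image, api, key)."""
    pid, image, api, key = line.split("\t", 3)
    return int(pid), image, api, normalize_key(key)


def behaviours_by_process(lines):
    """Map (pid, image) -> set of behaviour names observed for it."""
    seen = defaultdict(set)
    for line in lines:
        pid, image, _api, key = parse_event(line)
        for name, pattern in BEHAVIOURS.items():
            if pattern.search(key):
                seen[(pid, image)].add(name)
    return seen


def suspicious_processes(lines):
    """Processes showing every behaviour in BEHAVIOURS; an installer or
    Outlook itself touches only one of the two and is not flagged."""
    return sorted(proc for proc, names in behaviours_by_process(lines).items()
                  if names == set(BEHAVIOURS))


SAMPLE = r"C:\Users\user\f20fc5b36301c73170d9fd6eefd31f74ddaf6b835945b1af706f186b8ee538c0.exe"
# Constructed trace (not from the report): the sample does both, msiexec
# and OUTLOOK.EXE each do one.
EVENTS = ["\t".join(e) for e in [
    ("1234", SAMPLE, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("1234", SAMPLE, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    ("1234", SAMPLE, "RegOpenKeyExW", r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"),
    ("1234", SAMPLE, "RegQueryValueExW", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email"),
    ("4321", r"C:\Windows\System32\msiexec.exe", "RegOpenKeyExW", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{Example}"),
    ("5555", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "RegOpenKeyExW", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
]]

if __name__ == "__main__":
    for pid, image in suspicious_processes(EVENTS):
        print("pid %d %s: %s" % (pid, image, ", ".join(sorted(BEHAVIOURS))))
```

Note that plain key reads do not appear in Sysmon (it logs key creation and value writes, not queries), so this correlation needs an API-level trace such as the sandbox's own or an EDR that records registry queries.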