General
-
Target
cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832
-
Size
119KB
-
Sample
221119-hbalfagh68
-
MD5
172deabf680dad439c6bbd1fa15f8040
-
SHA1
9dccab1ab6100d47f76acdd6d0c1a59c369294a9
-
SHA256
cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832
-
SHA512
e987195a41c824823b9e1a2f5c6105e326d933eed5345d7c20431a3ea0d5115aace3e04ec2d9df15dd2f94995e541d8e17f2921d55c7a37cb673cadc1d4ea938
-
SSDEEP
1536:A9Sxq+gLfnIBrGMvgOLjl/ICtTrwI0q6rHkbX4echbuXh7aMuGTwwrN5m7f4Mnry:A9SUPIdh/wXHuX4eybuBfh7m7pMQ
Static task
static1
Behavioral task
behavioral1
Sample
cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cb9e9584871326b32e702d0c1effa4d2801e17251c735dd7f28aa924c070f832.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://forum.xcpus.com:8080/forum/viewtopic.php
http://playrummyonlineguide.com/forum/viewtopic.php
http://pokeraffiliatesolutions.co.uk/forum/viewtopic.php
http://pokercritics.com/forum/viewtopic.php
-
payload_url
http://tvgames.gr/C7kp2.exe
http://drritakirby.com.au/LS3aG4.exe
http://www.visitoria.it/yEkkEuPf.exe
http://tofthilldrivingschool.co.uk/xGyMVGV.exe
Targets
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-